back to article Google issues third emergency fix for Chrome this year

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost three billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, …

  1. WolfFan Silver badge

    How happy I am

    That I use Firefox and Safari.

    1. Anonymous Coward
      Anonymous Coward

      Re: How happy I am

      So you use two browsers that could potentially have insecurities or flaws. Divide and conquer yourself. I love your thinking. You truly are too wise for my tiny mind.

      1. LDS Silver badge

        Re: How happy I am

        Still, it good to have alternatives that doesn't use all the same code. If a bug is actively exploited and dangerous, you can switch to an alternative for a while.

      2. Claverhouse Silver badge

        Re: How happy I am

        So your conclusion is to use no browser at all ?

        1. bombastic bob Silver badge
          Devil

          Re: How happy I am

          practice "safe surfing". One aspect already mentioned, NOT surfing the web with administrator privileges

          I go one step further - do not surf the web on a WINDOWS computer (and use NoScript type plugins whenever possible, especially when following links to sites you have not been to before and do not already trust and even THEN, limit what runs or sandbox the browser)

          that, and not reading mail in HTML form - text only (does Micros~1 mail program use the chrome engine to display HTML mail? yeah NOBODY ever e-mails spam with vulnerabilities and/or script in them)

          anyway, captain obvious for the rest of it

          1. VoiceOfTruth

            Re: How happy I am

            -> practice "safe surfing".

            In practice this is impossible if you are going to browse the web at all. Practically every site these days slurps in great chunks of javascript from third-party web sites. You think you are being sensible browsing to somesafewebsite.com, but in the background it has included all manner of junk without you knowing about it (unless you look).

          2. cyberdemon Silver badge
            Mushroom

            > practice "safe surfing".

            Another good reason to block all JavaScript by default.

            Use NoScript on Firefox and ScriptSafe on Chrome.

            Yes, it means that some websites are broken-by-default until you whitelist one of the umpteen-zillion javascript domains, but that's a price worth paying IMO.

            It has the added side-effect that I don't need a blacklist-based adblocker or privacy guard, because all ads and tracking cookies are pulled in via Javascript. e.g. on the Reg, I am allowing scripts from "forums.theregister.com", but those that it tries to load from "securepubads.g.doubleclick.net", "googletagmanager.com" and "google-analytics.com" are thoroughly BLOCKED.

        2. SteveK

          Re: How happy I am

          A strange game. The only winning move is not to browse.

          How about a nice game of chess?

      3. Sitaram Chamarty

        Re: How happy I am

        > So you use two browsers that could potentially have insecurities or flaws

        "potentially" is better than *definitely*

        Barely 3 weeks before this, we had CVE 2022-0609 (https://threatpost.com/google-chrome-zero-day-bugs-exploited-weeks-ahead-of-patch/179103/ -- you don't even need to click it; the URL says it all)

  2. Mike 137 Silver badge

    Type confusion

    Almost always, 'type confusion' results from developer inattention. However any decent method library should trap such errors. Way back (40 odd years ago) we were writing validation wrappers around 'hazardous' C functions to do just that. The practice seems to have fallen by the wayside.

    1. IGotOut Silver badge

      Re: Type confusion

      That's because companies like to hire fresh talent and sack the old crusties with their crazy stuck in the mud ideas.

      Therefore the bright young things make exactly the same mistakes that the old farts learnt to avoid a long time ago.

      1. Tom 7 Silver badge

        Re: Type confusion

        Or worse, go and write new languages to solve already solved problems!

    2. Brewster's Angle Grinder Silver badge

      Re: Type confusion

      Until we've seen the bug, we don't really know what's gone on.

      But Chrome is C++ so the compiler will tell them if they've got function invocation wrong. It's got to be a bit more subtle than that - probably concerned with one of the javascript interpreters or compilers.

  3. Anonymous Coward
    Anonymous Coward

    "The Chrome updates will be applied in the coming days and weeks, with Chrome automatically installing them when the browser is closed and relaunched."

    Which, of course, no-one in their right mind would allow. If I'm on a customer's network, the last thing I want to do is download updates or have some dumbass application decide to download them on its own.

  4. Christopher Blackmore
    Facepalm

    Is this related?

    While they are messing about with this, it would be nice if Google could fix a problem they have created on Chromebooks, where RealVNC's VNC Connect application is now broken. RealVNC hasn't changed anything, and it still works on all my other machines, but not on my Chromebook.

  5. DenTheMan

    Chrome has stopped, mail has stopped, google has stopped.

    So, since this update my only solution so far is to disable Chrome and install Chrome Beta which I bet still has the exploit.

    No doubt all Google apps use Chrome as the web view engine.

  6. DenTheMan

    Less common problem above

    Seems it is a less problem according to reviews, the mots common being a failure to update. The 2nd most common looks to be ads making me wonder if that is the sign of an infection.

    Beta is working. For now, I am reticent to clear the useful cache in the none working Chrome.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022