By Click&Clean - Thursday, January 12, 2023. Earlier this week, Google released the first major update of 2023 for its Chrome web browser for all major platforms, including Windows, macOS, Linux, Chrome OS, iOS, and Android. One of the important things about this release is that it's the last major version of the web browser that will support Windows 7 and Windows 8/8.1. So, if you're using Windows 7/8/8.1, it's time to upgrade your computer so you can stay protected and secure going forward.
As usual, the most important thing that the Google Chrome team has done in this version is to fix for the security vulnerabilities found in previous iterations. The Chrome 109 update should be installed automatically on most operating systems over the coming days or weeks, but we strongly suggest that if you haven't already updated to Chrome 109, you should check for and install the update immediately by clicking the button below.
Make sure your Google Chrome web browser is updated to the latest stable version 109.0.5414.74/.75 on Windows, 109.0.5414.74 Linux, and 109.0.5414.87 on Mac to stay protected from potential cyber-attacks and other security threats.
The latest Chrome 109 fixed 17 security bugs, including 7 high-severity issues, 4 medium-risk flaws, and 6 bugs assessed as low-risk security vulnerabilities. Here's a list of high-, medium-, and low-risk security bugs that have been fixed in Chrome 109:
Use-after-free bug in Overview Mode (CVE-2023-0128) and Cart (CVE-2023-0134, CVE-2023-0135) - These security bugs allow a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger an out-of-bounds read error and crash the web browser.
Heap-baced buffer overflow in Network Service (CVE-2023-0129), Platform Apps (CVE-2023-0137), libphonenumber (CVE-2023-0138) – These security vulnerabilities often leads to security errors that allow a cyber-attackers to cause arbitrary code execution and even a system crash.
Inappropriate implementation in Full Screen API (CVE-2023-0130, CVE-2023-0136), iframe Sandbox (CVE-2023-0131), Permission prompts (CVE-2023-0132, CVE-2023-0133), File System API (CVE-2023-0140) - These security flaws allow a remote cyber-attacker to gain access to the user's sensitive information when the user visits a specially crafted malicious web page.
Insufficient validation of untrusted input in Downloads (CVE-2023-0139) - This vulnerability allows a remote cyber-attacker to trick the victim to perform certain actions in web browser and then crash it.
Insufficient policy enforcement in CORS (CVE-2023-0141) - This security bug allows a remote attacker to bypass implemented security restrictions and gain access to sensitive information.
Apart from the security fixes, there are a few new features in Google Chrome 109, most of which are only relevant to developers, with the exception of Secure Payment Confirmation (SPC) on Android.
This new feature is designed to simplify authentication of banks, credit cards, and other payment processors in Chrome on Android by allowing you to authenticate yourself with your biometric screen unlock method. If this method is supported by your bank or credit card provider, then when you want to make a purchase, you'll simply scan your fingerprint without the typical annoying process of verifying via a one-time pass code or the like that it is really you who is making the purchase.