The latest stable Google Chrome version 101.0.4951.41 has arrived with 32 security fixes for Windows, Linux and macOS. The fixes cover one critical flaw, 12 high-severity, 13 medium-severity and six low-severity bugs. The bugs were reported to Google by external researchers.
The critical flaw is tracked as CVE-2022-1853 and is a “use after free in IndexedDB”. IndexedDB is an interface for storing large quantities of structured data, including but not limited to files. Each IndexedDB is a database of its own, unique to an origin such as a domain or a website, and access should be restricted to that particular origin only.
While Google hasn’t provided details about the flaw, Malwarebytes notes that the bug can potentially allow an attacker to create a malicious website and take over the user’s browser.

As for the remaining 31 bugs, the 12 high-severity vulnerabilities would allow attackers to execute code remotely inside your browser, pretending to be coming from another origin. The 13 medium-rated vulnerabilities let attackers read or change limited information. Access to information isn’t harmful on its own but can be problematic when combined with other flaws.
Finally, the last six low-severity vulnerabilities are bugs that would otherwise be high-severity flaws, but either have harsh mitigating conditions or a relatively limited attack scope.
The easiest way to mitigate the risk is to let Chrome do its job and automatically update itself. However, leaving the browser running for too long can pause automatic updates. Some third-party extensions and several other factors can also keep Chrome from updating itself, so it doesn’t hurt to check.
You can check your current Chrome version by heading over to chrome://settings/help and ensuring you’re on the latest update. If you’re not, update immediately.
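For more than a handful of machines, the same check can be scripted. The following is an added example, not part of the original article: it compares reported version strings against the fixed build named above, using numeric comparison so that 99.x and 101.0.4951.9 are not mistaken for newer builds. The host names and inventory contents are constructed sample data.

```python
import re

# Fixed build named in the article; everything else below is constructed sample data.
PATCHED = (101, 0, 4951, 41)

# Matches the four-part Chrome version, e.g. in "Google Chrome 101.0.4951.41".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if no version is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory, minimum=PATCHED):
    """Sort hosts into patched / outdated / unknown by numeric comparison."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, reported in inventory.items():
        version = parse_version(reported)
        if version is None:
            # No usable version string: treat as needing manual review.
            result["unknown"].append(host)
        elif version >= minimum:
            result["patched"].append(host)
        else:
            result["outdated"].append(host)
    return result


# Constructed inventory: host name -> version string as reported by the browser.
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 101.0.4951.41",
    "ws-02": "Google Chrome 100.0.4896.127",
    "ws-03": "Google Chrome 99.0.4844.84",   # a string compare would rank "99" above "101"
    "ws-04": "Google Chrome 101.0.4951.9",   # ".9" is older than ".41" numerically
    "ws-05": "Google Chrome 102.0.5005.61",
    "ws-06": "chrome: command not found",    # no version reported
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown bucket should be checked by hand at chrome://settings/help rather than assumed to be patched.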
