To find the update, you need to check your device settings. The devices that have received the Android April update so far include Google’s Pixel devices and some third-party Android phones, including Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20 series, Note20 series, Z Flip 5G, Z Flip3, Z Fold, Z Fold2, and Z Fold3, as well as OnePlus 9 and OnePlus 9 Pro.
Google Chrome urgent update
Google Chrome is the world’s largest browser, with over 3 billion users, so it’s no surprise that attackers are targeting it. Browser-based attacks are particularly worrisome because they could potentially be chained together with other vulnerabilities and used to take over your device.
This has been a particularly busy month for the team behind Google’s Chrome browser, which has seen several security updates within weeks of each other. The latest, pushed in mid-April, fixes two issues, including a high-severity zero-day vulnerability, CVE-2022-1364, which is already being exploited by attackers.
Technical details are not currently available, but the speed of the fix, which came just one day after the flaw was reported, indicates that it is quite serious. If you use Chrome, your browser should now be on version 100.0.4896.127 to include the fix. You’ll need to restart Chrome after the update is installed to make sure it takes effect.
The Chrome issue also affects other Chromium-based browsers, including Brave, Microsoft Edge, Opera, and Vivaldi, so if you use one of these, make sure you’ve applied the patch.
But that is not all. On April 27, Google announced another Chrome update fixing 30 security vulnerabilities. The company says none of these have yet been exploited, but seven are rated as high risk. The update takes the browser to version 101.0.4951.41.
Oracle’s April 2022 Critical Patch Update
In mid-April, Oracle released its quarterly Critical Patch Update, which includes 520 security fixes. Some of the issues fixed in the update are serious: 300 of them can be exploited remotely without authentication, and 75 have been rated as critical. Among the issues the Oracle patch addresses is CVE-2022-22965, aka Spring4Shell, a remote code execution (RCE) flaw in the Spring Framework.
Microsoft’s Busy April Patch Tuesday
Microsoft had a big Patch Tuesday in April, fixing more than 100 vulnerabilities, including 10 serious RCE flaws. According to the company, the most important, CVE-2022-24521, is already being exploited by attackers.
Reported by researchers at the NSA and CrowdStrike, the flaw in the Windows Common Log File System driver does not require human interaction to be exploited and can be used to gain administrative privileges on a logged-in system. Other notable fixes include CVE-2022-26904, a publicly known issue, and CVE-2022-26815, a serious DNS server flaw.
Mozilla Thunderbird 91.8.0 Fix
On April 5, Mozilla released a patch to fix security issues in its Thunderbird email client as well as the Firefox browser. Details are scarce, but Thunderbird 91.8 fixes four vulnerabilities rated as having high impact, some of which can be used to run arbitrary code.
Firefox ESR 91.8 and Firefox 99 also address multiple security issues.
WordPress Plugin Elementor Version 3.6.3
The Elementor Website Builder plugin for WordPress received a major security fix in April for a critical-rated vulnerability that allows attackers to execute code remotely and effectively take over a website.
Researchers at Plugin Vulnerabilities found that the flaw was introduced in version 3.6.0 of the plugin, released March 22.
Although an attacker needs to be authenticated in order to exploit the issue, it is still quite serious because anyone logged in to an affected website can exploit it. Elementor’s 5 million users should apply the update, version 3.6.3, as soon as possible.