Google Chrome users who are still running Windows 7 or Windows 8 could be left vulnerable to cyberattacks because they will no longer be able to update to the latest version of the browser.
The latest version of Google Chrome (Chrome 110) provides users with protection against several known cybersecurity issues, including three classed as high-risk — but users who are still running Windows 7 or Windows 8 won’t be able to install the update because Chrome no longer supports updates on these versions of Windows.
Also: Google’s hackers: Inside the cybersecurity red team that keeps Google safe
“Chrome 109 is the last version of Chrome that will support Windows 7, Windows 8/8.1, Windows Server 2012, and Windows Server 2012 R2. Chrome 110 is the first version of Chrome that requires Windows 10 or later. You’ll need to ensure your device is running Windows 10 or later to continue receiving future Chrome releases,” Google said in a blog post at the end of last year.
In an email to ZDNET, a Google spokesperson confirmed that, for Windows users, Google Chrome 110 and future updates will only be supported on Windows 10 and later updates, including Windows 11.
Older versions of Chrome will still work, but they won’t receive security updates — and users are encouraged to move to a supported version of Windows to receive future updates.
The decision to cease support for Google Chrome for Windows 7 and Windows 8 comes after Microsoft ended extended support for the Windows operating systems in January — after initial support was ended in 2020. But the operating systems are still used by millions of people.
Google Chrome 110 update is rolling out as normal for Windows 10 and Windows 11 users, along with Mac and Linux users. In most cases, the update will be downloaded automatically and will be implemented after restarting the browser.
The new update fixes 15 security vulnerabilities, including three classed as high-risk.
CVE-2023-0696 is a vulnerability in V8, the JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers, which could leave systems vulnerable to remote attacks via a a crafted HTML page.
CVE-2023-0697 is a vulnerability in the browser affecting full-screen mode that could allow a remote attacker to spoof contents of the security UI via a crafted HTML page, potentially putting the user at risk if they interact with the page to the extent that attackers could use the flaw to execute remote code.
Also: Email is our greatest productivity tool. That’s why phishing is so dangerous to everyone
Meanwhile, CVE-2023-0698 is an out-of-bounds vulnerability in WebRTC, an open-source project that provides browsers with real-time communication via application programming interfaces. An out-of-bounds vulnerability reads data past the end, or before the beginning, of the intended buffer, potentially allowing attackers to read sensitive information from other memory locations or cause a crash.
As with Google’s usual protocols around security fixes, full details on some of the vulnerabilities aren’t being made public until the update has been released and users are protected.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” said Google.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” the company added.
It’s recommended that users install Chrome 110.0.5481.77/.78 for Windows, and 110.0.5481.77 for Mac and Linux, to protect against cyberattacks and security issues. Windows users who are still running the now-unsupported operating systems of Windows 7 and Windows 8 are urged to upgrade to Windows 10 or later.