I found the Google Chrome blog post (chromereleases.googleblog.com) about the release where they list and link to all of the fixed security issues. The Malwarebytes article covers them better anyway.
These are bad. All you have to do is visit a specially crafted webpage and you can have arbitrary code run on your local machine.
Upgrade Chrome and Chromium now and you will be safe from those exploits.
The bigger story is that there is an another exploit (infosec.exchange) that was reported to the Chromium team in 2022 and it still has not been fixed. Worse, the researcher who reported it thought it had been fixed and reported it publicly. It turned out she was wrong. It’s still an active bug and malware writers probably got their hands on the proof of concept code before Google hid the issue.
Again, all you have to do to fall victim to this exploit is visit a webpage. From then on Chrome / Chromium will run the attacker’s payload in the background any time the browser is open. You can even close the page, close the browser and re‐open it and the attacker’s code will start running again.
I read google is shit-canning chrome and going with a new more android like os.
This is a set of bugs in Chrome browser, not Chrome OS.
That’s interesting though. I never saw the use for Chrome books.