The latest Google Chrome update fixes several high-severity vulnerabilities in the browser, the company revealed.
In total, Google has patched seven vulnerabilities, including four labeled as high severity: CVE-2022-2007 (use-after-free (UAF) vulnerability in WebGPU), CVE-2022-2008 (out-of-bounds memory access vulnerability in WebGL), CVE-2022-2010 (out-of-bounds read vulnerability in Chrome Compose Component), and CVE-2022-2011 (UAF vulnerability in ANGLE).
Google is keeping quiet about how threat actors can take advantage of these vulnerabilities until most users have applied the fix, so details are relatively sparse. Still, the US Cybersecurity and Infrastructure Security Agency (CISA) published a short notice after the patch was released, asking users to patch their endpoints immediately, as the flaws can be abused “to take control of an affected system”.
Version 102.0.5005.115 was officially released on Thursday, June 9th for Windows, Mac and Linux, with the update set to automatically roll out to all users in the coming weeks.
Bounty hunter
“Access to bug details and links may be kept restricted until the majority of users are updated with a fix. We will also keep restrictions if the bug exists in a third-party library that other projects also depend on but haven’t fixed yet,” said Google.
CVE-2022-2010 was discovered by Google’s Project Zero research team, according to ZDNet, while the others were discovered by independent security researchers. According to the publication, CVE-2022-2007 earned security researcher David Manouchehri a $10,000 bounty, while the names of the people who discovered CVE-2022-2008 and CVE-2022-2011 have yet to be published.
“We would also like to thank all the security researchers who worked with us during the development cycle to prevent security bugs from reaching the stable channel,” Google said.
Currently, Chrome is the number one browser in the world with over 2.6 billion users worldwide.
Via: ZDNet