Several dangerous Google Chrome security flaws have been fixed, so patch now


The latest Google Chrome update patches multiple high-severity vulnerabilities in the browser, the company has revealed.

In total, Google fixed seven vulnerabilities, including four labeled as high-severity: CVE-2022-2007 (Use-After-Free (UAF) vulnerability in WebGPU), CVE-2022-2008 (out-of-bounds memory access vulnerability in WebGL), CVE-2022-2010 (out-of-bounds read vulnerability in Chrome's compositing component), and CVE-2022-2011 (UAF vulnerability in ANGLE).

Google is keeping quiet on how threat actors might leverage these vulnerabilities until the majority of users have patched, so details are relatively scarce. Still, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a short advisory following the release of the patch, urging users to patch their endpoints immediately, as the flaws could be abused “to take control of an affected system.”


Version 102.0.5005.115 was officially released on Thursday, June 9, for Windows, Mac, and Linux, with the update set to roll out automatically to all users over the coming weeks.

Bounty hunters

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," Google said. 

CVE-2022-2010 was uncovered by Google's Project Zero research team, ZDNet reports, while the others were discovered by independent security researchers. According to the publication, CVE-2022-2007 has earned security researcher David Manouchehri a $10,000 reward, while the names of the people who discovered CVE-2022-2008 and CVE-2022-2011 have not yet been published.

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," said Google. 

Chrome is currently the world’s number one browser, with more than 2.6 billion users worldwide.

Via: ZDNet

Sead Fadilpašić
