CISA advice to upgrade Chrome

Users and administrators should update to a new version of Chrome released by Google last week to address seven flaws in the browser, according to the US Cybersecurity and Infrastructure Agency (CISA).

Google published an advisory on January 6, 2019. Four of the bugs were addressed in the advisory: three were reported to Google by external researchers, who identified them as posing a significant risk for businesses. The firm stated that it had decided to keep access to bug information limited until most users have updated to the new version of Chrome (102.

One of the flaws is a use-after-free bug in the WebGPU application programming interface, which handles operations such as calculation and rendering on a Graphics Processing Unit. According to a description of the flaw on the vulnerability database VulDB, the bug (CVE-2022-2007) is remotely exploitable. It has an impact on affected systems’ confidentiality.

In May, Google rewarded the security researcher who discovered the vulnerability with $10,000. According to VulDB, an exploit for the flaw would cost between $5,000 and $25,000.

The second flaw is an out-of-bounds memory access using the WebGL API for rendering 2D and 3D graphics. Two VinCSS Internet Security Services researchers discovered the bug (CVE-2022-2008). VulDB characterized the vulnerability as being remotely exploitable but requiring user interaction.

The third high-severity vulnerability addressed by the new Chrome version (CVE-2022-2010) is an out-of-bounds read vulnerability in Web page content rendering. In May, a Google Project Zero security researcher discovered the flaw. Like the other two flaws, this one also has an impact on the affected systems’ confidentiality, integrity, and availability.

The use-after-free vulnerability discovered by Google in June is the fourth high-severity bug they’ve published. An external security researcher brought it to Google in May. According to an outside source, ANGLE, a function that Google describes as an “almost native Graphics Layer engine” in Chrome, is vulnerable (CVE-2022-2011).

Google’s Chrome update note has been updated. The firm advised organizations to check it out and install the upgrade to reduce risk. For Windows, Mac, and Linux users, Google’s browser has been upgraded to version 102.0.5005.115. This version addresses security flaws that an attacker might exploit to gain access to a system.

Google’s most recent Chrome version addresses seven flaws, fewer than the number of other recent Chrome-related bugs reported by the firm. On May 24, Google released a Chrome update that it had discovered in an internal testing program. One of the bugs was rated as being of critical importance, while seven others were considered to be extremely severe. Another update, also issued in May, included fixes for 13 flaws, eight of which were deemed high-risk.