Google has released Chrome version 104.0.5112.79 for Windows, Mac, and Linux to fix high-severity vulnerabilities. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Google acknowledged these issues and said that it is pushing crucial updates to fix multiple high-severity vulnerabilities in the browser.
Google said in an official statement that it fixed 27 vulnerabilities, which are:
CVE ID | Vulnerability | Impact | Credit |
---|---|---|---|
CVE-2022-2603 | Use after free in Omnibox. | High | Anonymous |
CVE-2022-2604 | Use after free in Safe Browsing. | High | Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab |
CVE-2022-2605 | Out of bounds read in Dawn. | High | Looben Yang |
CVE-2022-2606 | Use after free in Managed devices API. | High | Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab |
CVE-2022-2607 | Use after free in Tab Strip. | High | @ginggilBesel |
CVE-2022-2608 | Use after free in Overview Mode. | High | Khalil Zhani |
CVE-2022-2609 | Use after free in Nearby Share. | High | koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute |
CVE-2022-2610 | Insufficient policy enforcement in Background Fetch. | Medium | Maurice Dauer |
CVE-2022-2611 | Inappropriate implementation in Fullscreen API. | Medium | Irvan Kurniawan (sourc7) |
CVE-2022-2612 | Side-channel information leakage in Keyboard input. | Medium | Erik Kraft & Martin Schwarzl |
CVE-2022-2613 | Use after free in Input. | Medium | Piotr Tworek (Vewd) |
CVE-2022-2614 | Use after free in Sign-In Flow. | Medium | Raven at KunLun lab |
CVE-2022-2615 | Insufficient policy enforcement in Cookies. | Medium | Maurice Dauer |
CVE-2022-2616 | Inappropriate implementation in Extensions API. | Medium | Alesandro Ortiz |
CVE-2022-2617 | Use after free in Extensions API. | Medium | @ginggilBesel |
CVE-2022-2618 | Insufficient validation of untrusted input in Internals. | Medium | asnine |
CVE-2022-2619 | Insufficient validation of untrusted input in Settings. | Medium | Oliver Dunk |
CVE-2022-2620 | Use after free in WebUI. | Medium | Nan Wang and Guang Gong of 360 Alpha Lab |
CVE-2022-2621 | Use after free in Extensions. | Medium | Viettel Cyber Security |
CVE-2022-2622 | Insufficient validation of untrusted input in Safe Browsing. | Medium | Imre Rad and @j00sean |
CVE-2022-2623 | Use after free in Offline. | Medium | Raven at KunLun lab |
CVE-2022-2624 | Heap buffer overflow in PDF. | Medium | YU-CHANG CHEN and CHIH-YEN CHANG |
Addressing these vulnerabilities, Google said, "access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."
How to protect yourself
To install the latest version of Google Chrome on Windows or Mac, open the app and click the three vertical dots at the top-right to see more options. In the Help menu, choose About Chrome to see information about the browser. In most cases, Chrome will automatically start the update process so that only a relaunch is required to finish the installation. If an update button appears, click it, then relaunch the app to finish and secure the browser from attacks.
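When more than one machine has to be checked, the comparison against the fixed version 104.0.5112.79 can be scripted. The following is an added example, not part of Google's advisory; the hostnames and version strings are constructed sample data, and the input format assumes text like the output of `google-chrome --version`.

```python
import re

# Fixed version named in the article (Windows, Mac, Linux).
FIXED = (104, 0, 5112, 79)

# Chrome versions have four dot-separated numeric parts.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version found in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(version, fixed=FIXED):
    """Compare part by part as integers.

    Plain string comparison is wrong here: it ranks '104.0.5112.101'
    below '104.0.5112.79' because '1' sorts before '7'.
    """
    return version is not None and version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'needs-update' or 'unknown'."""
    report = {}
    for host, raw in inventory.items():
        version = parse_version(raw)
        if version is None:
            report[host] = "unknown"  # no version reported: check by hand
        else:
            report[host] = "patched" if is_patched(version) else "needs-update"
    return report


# Constructed inventory: hostnames and version strings are sample data.
SAMPLE = {
    "ws-001": "Google Chrome 104.0.5112.79 ",
    "ws-002": "Google Chrome 103.0.5060.134 ",
    "ws-003": "Google Chrome 104.0.5112.101 ",
    "ws-004": "104.0.5112.57",
    "ws-005": "",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version and should be checked manually through About Chrome.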
Google also thanked security researchers who worked with the company to fix these vulnerabilities. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Google said.