Follow Us on WhatsApp | Telegram | Google News

Google Patch 27 Vulnerabilities in Latest Updates for Chrome

Table of Contents

Google has released Chrome version 104.0.5112.79  for Windows, Mac, and Linux to fix the high-severity vulnerabilities. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Google acknowledged these issues and said that it is pushing crucial updates to fix multiple high-severity vulnerabilities in the browser.

Google in an official statement said that it fixed 27 vulnerabilities, which are -

CVE ID Vulnerability Impact Credit
CVE-2022-2603 Use after free in Omnibox High Anonymous
CVE-2022-2604 Use after free in Safe Browsing. High Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
CVE-2022-2605 Out of bounds read in Dawn. High Looben Yang
CVE-2022-2606 Use after free in Managed devices API. High Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab
CVE-2022-2607 Use after free in Tab Strip. High @ginggilBesel
CVE-2022-2608 Use after free in Overview Mode. High Khalil Zhani
CVE-2022-2609 Use after free in Nearby Share. High koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute
CVE-2022-2610 Insufficient policy enforcement in Background Fetch. Medium Maurice Dauer
CVE-2022-2611 Inappropriate implementation in Fullscreen API. Medium Irvan Kurniawan (sourc7)
CVE-2022-2612 Side-channel information leakage in Keyboard input. Reported by Medium Erik Kraft & Martin Schwarzl
CVE-2022-2613 Use after free in Input. Medium Piotr Tworek (Vewd)
CVE-2022-2614 Use after free in Sign-In Flow. Medium Raven at KunLun lab
CVE-2022-2615 Insufficient policy enforcement in Cookies. Medium Maurice Dauer
CVE-2022-2616 Inappropriate implementation in Extensions API. Medium Alesandro Ortiz
CVE-2022-2617 Use after free in Extensions API. Medium @ginggilBesel
CVE-2022-2618 Insufficient validation of untrusted input in Internals. Medium asnine
CVE-2022-2619 Insufficient validation of untrusted input in Settings. Medium Oliver Dunk
CVE-2022-2620 Use after free in WebUI. Medium Nan Wang and Guang Gong of 360 Alpha Lab
CVE-2022-2621 Use after free in Extensions. Medium Viettel Cyber Security
CVE-2022-2622 Insufficient validation of untrusted input in Safe Browsing. Medium Imre Rad and @j00sean
CVE-2022-2623 Use after free in Offline. Medium Raven at KunLun lab
CVE-2022-2624 Heap buffer overflow in PDF. Medium YU-CHANG CHEN and CHIH-YEN CHANG

Addressing these vulnerabilities, Google said, "access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

How to protect yourself

To install the latest version of Google Chrome on Windows or Mac, open the app and click the three vertical dots at the top-right to see more options. In the Help menu, choose About Chrome to see information about the browser. In most cases, Chrome will automatically start the update process so that only a relaunch is required to finish the installation. If an update button appears, click it, then relaunch the app to finish and secure the browser from attacks.

Google also thanked security researchers who worked with the company to fix these vulnerabilities. "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Google said.

Read Also
Post a Comment