Google has released Chrome updates to address seven security flaws discovered in the browser used by millions around the world, four of which are classified as high risk.
According to a US Cybersecurity & Infrastructure Agency (CISA) alert, attackers could exploit vulnerabilities in Google Chrome for Windows, Mac, and Linux “to take control of an affected system.”
CISA recommends that users update to the latest version of Google Chrome – 102.0.5005.115 – to avoid exploiting the security vulnerabilities.
CVE-2022-2007 is a Use-After-Free (UAF) vulnerability in WebGPU that allows attackers to hack the program by incorrectly using dynamic memory during program operation, and CVE-2022-2008 is an out-of-bounds memory access vulnerability in WebGL, a JavaScript API used in Google Chrome. An out-of-bounds vulnerability allows attackers to access sensitive information that they should not have access to.
The security update also addresses CVE-2022-2010, an out-of-bounds read vulnerability in Chrome’s compositing component, and CVE-2022-2011, a UAF vulnerability in ANGLE, an open-source, cross-platform graphics engine abstraction layer used in Chrome’s backend.
Google’s Project Zero research team discovered CVE-2022-2010, while the others were discovered by independent security researchers. David Manouchehri, a security researcher, received a $10,000 bug bounty for disclosing CVE-2022-2007. The researchers who discovered CVE-2022-2008 and CVE-2022-2011 will receive bug bounties.
According to a Google blog post about the Chrome release, “access to bug details and links may be restricted until a majority of users have been updated with a fix; we will also retain restrictions if the bug exists in a third-party library on which other projects similarly rely, but haven’t yet fixed.”
Full details on how attackers can exploit the high-risk vulnerabilities have yet to be revealed, by Google’s policy of waiting for the majority of users to apply the updates before revealing more.
Before you can receive free updates, link building strategies or SEO tips you need to confirm your email right now.
(It’s easy)
Just go to your inbox, open the confirmation email from the SIA, and click the link.
And that’s it!
PS: If you don’t see a confirmation email, please check your spam/junk or promotions folders. Sometimes the confirmation message ends up there by mistake.
Obtenez nos 7 études S.I.A. les plus controversées qui feront trembler la tête même les SEO les plus avancés d’incrédulité.
De plus, nous vous alerterons lorsque nous publierons de nouveaux tests au public.
Obtenga nuestros 7 estudios S.I.A. más controvertidos que harán que incluso el SEO más avanzado sacuda la cabeza con incredulidad.
Además, le avisaremos cuando publiquemos nuevas pruebas al público.
Get Our Most 7 Controversial S.I.A. Studies That Will Make Even the Most Advanced SEO Shake Their Head in Disbelief.
Plus we will alert you when we publish new tests to the public.
