Update Chrome now: Four high risk vulnerabilities found

We take a look at the latest batch of vulnerabilities in Chrome requiring an update. The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.

Malwarebytes

Chrome users have been advised to apply updates addressing seven security vulnerabilities as soon as possible. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough information available to encourage users to apply the patches.

Chrome 102.0.5005.115 is due to roll out over the coming days/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.

The vulnerabilities

Four of the seven issues have been rated as high risk.

CVE-2022-2007: Use after free in WebGPU. This can allow manipulation of the browser's memory, with the possibility of remote code execution, as in an older example.

CVE-2022-2008: Out of bounds memory access in WebGL.

CVE-2022-2010: Out of bounds read in compositing. According to reports, the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.

CVE-2022-2011: Use after free in ANGLE. Almost Native Graphics Layer Engine (ANGLE) is an “open source, cross-platform graphics engine abstraction layer” which was developed by Google.

Next steps

More details likely won’t be forthcoming for a while yet, so it’s crucial to apply updates as soon as possible.

In Chrome, click the More icon, then Help -> About Google Chrome. From here, you’ll be able to see your current update status and apply the update as required.

This should be all you need to do to keep the above security vulnerabilities at bay.

Related news

Gentoo Linux Security Advisory 202208-25

Gentoo Linux Security Advisory 202208-25 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618 are affected.

CVE-2022-2011: Stable Channel Update for Desktop

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CISA Recommends Organizations Update to the Latest Version of Google Chrome

Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.