Google announced new updates for Chrome that fix seven vulnerabilities, four of which are classed as high risk. CISA warned users to apply the patch as soon as possible and stated that attackers can exploit the vulnerabilities to take control of a vulnerable system.
Four high-risk vulnerabilities
The Stable channel has been updated to 102.0.5005.115 for Windows, Mac, and Linux. The update will be rolled out to everyone in the coming days. Google also stated that bug details and links will be restricted until the majority of users have applied the fix. Google also stated that they will retain restrictions if the bug exists in a third-party library that other projects. Some of the fixes were contributed by external researchers:
- High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito – Tran Van Khang (VinCSS) on 2022-04-19
- High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Google also said,
"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."