- Google announced that patches for the 11 vulnerabilities found in the Chrome web browser for desktops are being rolled out.
- Google also admitted that one of the 11 vulnerabilities is currently being exploited in the wild.
- Technical details of the vulnerabilities have not been published yet, but they are expected to be announced after the majority of users have applied the patches.
Google is releasing patches to address vulnerabilities found in the Chrome browser for desktops. The tech giant didn’t share detailed information about the vulnerabilities but confirmed that one of the vulnerabilities is currently being exploited in the wild. The update fixes 11 vulnerabilities. Some of the vulnerabilities were reported by external researchers.
11 vulnerabilities
The Stable channel has been updated to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, which will roll out over the coming days/weeks. The Extended Stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will also roll out over the coming days/weeks. The details of the vulnerabilities will be announced after the majority of users have installed the update; if a bug exists in a third-party library that other projects depend on, it may take longer.
- [$NA] Critical CVE-2022-2852: Use after free in FedCM.
- [$7000] High CVE-2022-2854: Use after free in SwiftShader.
- [$7000] High CVE-2022-2855: Use after free in ANGLE.
- [$5000] High CVE-2022-2857: Use after free in Blink.
- [$5000] High CVE-2022-2858: Use after free in Sign-In Flow.
- [$NA] High CVE-2022-2853: Heap buffer overflow in Downloads.
- [$NA] High CVE-2022-2856: Insufficient validation of untrusted input in Intents.
- [$3000] Medium CVE-2022-2859: Use after free in Chrome OS Shell.
- [$2000] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
- [$TBD] Medium CVE-2022-2861: Inappropriate implementation in Extensions API.
Google confirmed that CVE-2022-2856 is being exploited in the wild.
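Because the update rolls out over days or weeks, it helps to check which machines are still below the Stable builds named above. The following is an added example, not code from Google or from the original article; the inventory rows and host names are constructed, and treating 104.0.5112.101 as the minimum fixed build on Windows (the article lists 102/101) is an assumption.

```python
# Added example: flag Chrome installs older than the fixed Stable builds.
FIXED_STABLE = {
    # Article lists 102/101 for Windows; the lower build is used as the floor (assumption).
    "windows": (104, 0, 5112, 101),
    "mac": (104, 0, 5112, 101),
    "linux": (104, 0, 5112, 101),
}

def parse_version(text):
    """Turn '104.0.5112.81' into (104, 0, 5112, 81); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (host, reason) for every host not confirmed to be on a fixed build."""
    findings = []
    for host, platform, version in inventory:
        floor = FIXED_STABLE.get(platform.lower())
        if floor is None:
            findings.append((host, f"unknown platform {platform!r}"))
            continue
        try:
            installed = parse_version(version)
        except ValueError as exc:
            # An unreadable version is reported, never silently treated as patched.
            findings.append((host, str(exc)))
            continue
        # Tuple comparison is numeric per component; comparing the raw strings
        # would rank '104.0.5112.99' above '104.0.5112.101'.
        if installed < floor:
            fixed = ".".join(map(str, floor))
            findings.append((host, f"{version} is older than {fixed}"))
    return findings

# Constructed sample inventory: (host, platform, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "104.0.5112.102"),
    ("ws-002", "Windows", "104.0.5112.81"),
    ("mac-001", "Mac", "104.0.5112.101"),
    ("lin-001", "Linux", "103.0.5060.134"),
    ("lin-002", "Linux", "104.0.5112.99"),
    ("kiosk-1", "Linux", "unknown"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {reason}")
```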