Latest Chrome Update Resolves Four High Risk Vulnerabilities



Google has yet again updated Chrome to resolve multiple vulnerabilities in the browser, including four marked high severity.

It’s that time again.

If you haven’t already, it’s time to close out all of those accumulated tabs in your Chrome browser and click that update button. Users are being encouraged update the browser to fix as many as seven vulnerabilities, including some that an attacker could use to take over a system, recently uncovered in the browser.

Google released version 102.0.5005.115 of the browser for Windows, Mac, and Linux late last week to remedy the issues. The Cybersecurity and Infrastructure Agency, part of the Department of Homeland Security, warned about the vulnerabilities on Friday and encouraged users and administrators to apply the updates, as well.

The fixes include mitigating four bugs considered high in severity by Google’s researchers. Details on the other three bugs weren’t disclosed.

The bugs include a use after free vulnerability (CVE-2022) in WebGPU – an API for GPU (Graphics Processing Unit) hardware, an out of bounds memory access vulnerability (CVE-20220-2008) in WebGL –  a graphics API for rendering interactive 2D and 3D graphics, an out of bounds read vulnerability in compositing (CVE-2022-2010) and a use after free vulnerability CVE-2022-2011) in Almost Native Graphics Layer Engine, or ANGLE, an open source graphics engine developed by Google.

While Google didn’t provide much detail on how exactly the bugs could be used by attackers, the blog post, written by the Chrome team’s Prudhvikumar Bommana, and the CISA advisory, which stresses the bugs could be exploited to take control of an affected system, should be enough to get users to update.

While Google Chrome is configured to automatically update for most people, users still need to trigger the update by either restarting Chrome or clicking into the browser’s settings and relaunching Chrome to finish the update.

Users can click Chrome -> About Google Chrome -> to see their browser’s current status.

Tags: Vulnerabilities



Source link

Leave a Reply

%d bloggers like this: