Saturday, November 26, 2022
HomeGoogleGoogle Chrome: Apply the new security update now to fix these 6...

Google Chrome: Apply the new security update now to fix these 6 “high severity” bugs

Google Chrome: Apply the new security update now to fix these 6 bugs

Google has released a security update for its Google Chrome browser on Windows, Mac and Linux to fix ten security flaws, some of which could allow attackers to remotely remove vulnerable systems.

Google has detailed some of the fixes in a Google Chrome update article.

In total, the latest Google Chrome update contains 10 security updates – which are also available for Google Chrome on mobile devices, unless otherwise noted. Six of these updates have been classified as “high severity”. This means that updates should be applied as soon as possible.

“heap corrupt”

The vulnerabilities could allow a remote attacker to exploit a “corrupt stack” via an HTML page. Corruption affects the “heap”, an area of ​​pre-reserved computer memory that a program uses to store a variable amount of data. This corruption can cause the memory to fail to the point of causing a crash.

CVE-2022-3885 is a vulnerability in V8, the open source JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers, which can cause this heap-heap corruption, while CVE-2022-3886 is a vulnerability in speech recognition in Google Chrome, which can be used to the same effect.

CVE-2022-3887 is a vulnerability in Web Workers, which is used in Google Chrome to run scripts in the background without interfering with the user interface. CVE-2022-3888 is a vulnerability in WebCodecs in Google Chrome, which is used to allow low-level access to media encoders and decoders.

$7,000 to $21,000 in error payments

At the same time, CVE-2022-3889 is a vulnerability in V8 that supplies the program with faulty code. Each of these vulnerabilities could allow attackers to exploit heat corruption flaws.

The latest publicly listed vulnerability is CVE-2022-3890, a buffer overflow in Google Chrome’s Crashpad on Android that could allow a remote attacker to escape the sandbox, potentially allowing them to elevate their privileges in a host environment.

“We also want to thank all the security researchers who worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Google, which paid out bug bounties. Ranging from $7,000 to $21,000 to the researchers who discovered them.

Users are advised to apply Google Chrome security patch 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows as soon as it becomes available to protect systems against potential attacks.

Source: “ZDNet.com”

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Tags