In its latest security alert, Google confirmed the release of updates to address seven vulnerabilities in the Chrome browser, including four bugs considered critical and that could put the millions of users of this tool at risk.
Tracked as CVE-2022-2007, the most severe of these flaws was described as a use-after-free error in WebGPU whose exploitation would allow malicious hackers to abuse the incorrect use of dynamic memory during Chrome execution. Another flaw of similar severity is CVE-2022-2008, an out-of-bounds memory access error that would allow threat actors to access sensitive information.
Other bugs addressed in the latest version of Chrome are an out-of-bounds read in the browser’s composition component (CVE-2022-2010); and a use-after-free bug in ANGLE, an open-source platform employed in Chrome backend (CVE-2022-2011).
Full details about potential exploit attempts and available exploits won’t be revealed until Google deems it’s been enough time for Chrome users to update their implementation. While CVE-2022-2010 was identified by Google Project Zero, the rest of the bugs fixed were reported by independent researchers through Google’s vulnerability bounty program, garnering prizes of about $10,000.
Google concluded by thanking all members of the cybersecurity community who participated in the reports, emphasizing that proper vulnerability reporting is one of the main ways to prevent the exploitation of unknown vulnerabilities.
The report was also referenced by the U.S. National Cybersecurity & Infrastructure Security Agency (CISA), which mentions that a threat actor could exploit these vulnerabilities to take full control of Windows, macOS, and Linux systems.
Both the Agency and the tech giant have asked browser users to update to the latest version available (102.0.5005.115) and thus mitigate the risk of exploitation as soon as possible.
Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.