New Google Chrome Security Update Fixes 6 High Severity Bugs
A total of 10 security vulnerabilities have been addressed in the latest Google Chrome update, some of which could allow remote cyber attackers to crash your PC.
Google has released a security update for its Google Chrome browser on Windows, Mac and Linux.
The update fixes 10 security vulnerabilities, some could allow remote attackers to crash vulnerable systems.
Google has detailed some of the fixes in a Google Chrome release update.
However, Google is currently withholding full details about many of the issues until most users have applied the updates, which are due to roll out over the coming days and weeks.
In total, the latest Google Chrome update includes 10 security updates, which are also available for Google Chrome on mobile devices unless otherwise indicated.
Six of the updates have been classified as ‘high severity’. That means the updates should be applied as soon as possible.
The vulnerabilities could potentially enable a remote attacker to exploit ‘heap corruption’ via a crafted HTML page.
The corruption affects the ‘heap’, an area of pre-reserved computer memory that a program uses to store a variable amount of data.
Heap corruption occurs when a program damages the view of the heap, which can result in a memory fault to the extent it could cause a crash.
CVE-2022-3885 is a vulnerability in V8, the open-source JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers that could cause heat corruption.
While CVE-2022-3886 is a vulnerability in Speech Recognition in Google Chrome, it can be exploited for the same effect.
CVE-2022-3887 is a vulnerability in Web Workers, which is used in Google Chrome to run scripts in the background without interfering with the user interface.
CVE-2022-3888 is a vulnerability in WebCodecs in Google Chrome, which is used to provide low-level access to media encoders and decoders.
Meanwhile, CVE-2022-3889 is a type confusion vulnerability in V8, providing the program with the wrong code.
Each of these Google Chrome vulnerabilities can allow cyber attackers to exploit heat corruption vulnerabilities.
The last of the vulnerabilities to have been listed publicly Is CVE-2022-3890, a heap buffer overflow in Crashpad in Google Chrome on Android.
The flaw could allow a remote attacker to perform a sandbox escape, potentially enabling them to escalate privileges across an entire host environment.
“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Google.
Google has paid bug bounty rewards of between $7,000 and $21,000 to the researchers who discovered these security flaws.
Users should apply the Google Chrome security patch for:
- 107.0.5304.110 for Mac and Linux
- 107.0.5304.106/.107 for Windows when it becomes available