{"id":50362,"date":"2022-06-14T15:40:06","date_gmt":"2022-06-14T15:40:06","guid":{"rendered":"https:\/\/harchi90.com\/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk\/"},"modified":"2022-06-14T15:40:06","modified_gmt":"2022-06-14T15:40:06","slug":"time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk","status":"publish","type":"post","link":"https:\/\/harchi90.com\/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk\/","title":{"rendered":"Time to update: Google patches seven Chrome browser bugs, four rated ‘high’ risk"},"content":{"rendered":"\n
\n
\n
\n
\n
<\/svg><\/div>\n

<\/div>\n<\/div>\n<\/div>\n

Google has released updates for Chrome to fix seven security vulnerabilities – including four classed as high risk – discovered in the browser used by millions around the world. <\/p>\n

According to an alert by the United States Cybersecurity & Infrastructure Agency (CISA), attackers could exploit the vulnerabilities in Google Chrome for Windows, Mac and Linux “to take control of an affected system”.<\/p>\n

CISA encourages users to update to the latest version of Google Chrome – 102.0.5005.115 – to prevent the security vulnerabilities from being exploited. <\/p>\n

IF IT’S: <\/strong>A winning strategy for cybersecurity<\/strong> (ZDNet special report)<\/strong><\/strong><\/p>\n

The high-risk vulnerabilities are CVE-2022-2007, a Use-After-Free (UAF) vulnerability in WebGPU, which allows attackers to exploit incorrect use of dynamic memory during program operation to hack the program, and CVE-2022-2008, an out-of-bounds memory access vulnerability in WebGL, a JavaScript API used in Google Chrome. An out-of-bounds vulnerability enables attackers to read sensitive information they shouldn’t have access to. <\/p>\n

The other high-risk vulnerabilities in Google Chrome that the security update fixes are CVE-2022-2010, an out-of-bounds read vulnerability in Chrome’s compositing component and CVE-2022-2011, a UAF vulnerability in ANGLE, an open source, cross-platform graphics engine abstraction layer used in the backend of Chrome. <\/p>\n

Full details of how attackers can exploit the high-risk vulnerabilities have yet to be disclosed, in accordance with Google’s policy of waiting for most users to apply the updates before revealing more. <\/p>\n

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed, “said the Google blog post about the Chrome release. <\/p>\n

CVE-2022-2010 was uncovered by Google’s Project Zero research team, while the others were discovered by independent security researchers. Security researcher David Manouchehri received a bug bounty of $ 10,000 for disclosing CVE-2022-2007. Bug bounties for the researchers who discovered CVE-2022-2008 and CVE-2022-2011 are yet to be determined. <\/p>\n

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Google. <\/p>\n

MORE ON CYBERSECURITY<\/strong><\/h3>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Google has released updates for Chrome to fix seven security vulnerabilities – including four classed as high risk – discovered in the browser used by millions around the world. According to an alert by the United States Cybersecurity & Infrastructure Agency (CISA), attackers could exploit the vulnerabilities in Google Chrome for Windows, Mac and Linux …<\/p>\n

Time to update: Google patches seven Chrome browser bugs, four rated ‘high’ risk<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[9],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"fifu_image_url":"https:\/\/www.zdnet.com\/a\/img\/resize\/8c52dabfa84c18fb36e6a1c8df1b1503e225aea3\/2022\/06\/13\/32e6d9cf-39f6-4b2a-9ecf-1442c37d6a98\/gettyimages-a-man-looking-concerned-and-worried-at-his-laptop-while-sitting-in-an-office.jpg?auto=webp&fit=crop&height=675&width=1200","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/50362"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=50362"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/50362\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=50362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=50362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=50362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}