Google Chrome: apply the new security update now to fix these 6 “high severity” bugs



Google has released a security update for its Google Chrome browser on Windows, Mac and Linux to fix ten security flaws, some of which could allow attackers to take down vulnerable systems remotely.

Google has detailed some of the fixes in a Google Chrome update article.

In total, the latest Google Chrome update includes 10 security updates – which are also available for Google Chrome on mobile devices, unless otherwise noted. Six of these updates have been classified as “high severity”. This means updates should be applied as soon as possible.

Heap corruption

The vulnerabilities could allow a remote attacker to exploit heap corruption via an HTML page. The corruption affects the “heap”, an area of pre-reserved computer memory that a program uses to store a variable amount of data. This corruption can cause memory to fail to the point of causing a crash.

CVE-2022-3885 is a vulnerability in V8, the open-source JavaScript engine developed by the Chromium project for the Google Chrome and Chromium web browsers, which could cause this heap corruption, while CVE-2022-3886 is a vulnerability in speech recognition in Google Chrome that can be exploited to the same effect.

CVE-2022-3887 is a vulnerability in Web Workers, which Google Chrome uses to run scripts in the background without interfering with the user interface. CVE-2022-3888 is a vulnerability in WebCodecs in Google Chrome, which provides low-level access to media encoders and decoders.

$7,000 to $21,000 in bug bounties paid

Meanwhile, CVE-2022-3889 is a vulnerability in V8 that involves providing the program with erroneous code. Each of these vulnerabilities could allow attackers to exploit heap corruption flaws.

The last vulnerability to be publicly listed is CVE-2022-3890, a buffer overflow in Google Chrome’s Crashpad on Android, which could allow a remote attacker to escape the sandbox, potentially allowing them to elevate their privileges throughout a host environment.

“We also want to thank all of the security researchers who worked with us during the development cycle to keep security bugs from ever reaching the stable channel,” said Google, which paid out bug bounties ranging from $7,000 to $21,000 to the researchers who discovered them.

Users are recommended to apply Google Chrome security patch 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows as soon as it becomes available to protect systems from potential attacks.


Source: “ZDNet.com”




