Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.
Chrome 102.0.5005.115 is due to roll out over the coming days/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.
The vulnerabilities
Four of the seven issues have been rated as high risk.
CVE-2022-2007: Use after free in WebGPU. This can allow manipulation of the memory layer of the browser, with the possibility of remote code execution as per an older example.
CVE-2022-2008: Out of bounds memory access in WebGL.
CVE-2022-2010: Out of bounds read in compositing. According to reports, the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.
CVE-2022-2011: Use after free in ANGLE. Almost Native Graphics Layer Engine (ANGLE) is an “open source, cross-platform graphics engine abstraction layer” which was developed by Google.
Next steps
More details likely won’t be forthcoming for a while yet, so it’s crucial to apply updates as soon as possible.
In Chrome, click the More icon, then Help -> About Google Chrome. From here, you’ll be able to see your current update status and apply the update as required.
This should be all you need to do to keep the above security vulnerabilities at bay.
The post Update Chrome now: Four high risk vulnerabilities found appeared first on Malwarebytes Labs.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.