Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk

Google has released updates for Chrome to fix seven security vulnerabilities – including four classed as high risk – discovered in the browser used by millions around the world. 

According to an alert by the United States Cybersecurity & Infrastructure Agency (CISA), attackers could exploit the vulnerabilities in Google Chrome for Windows, Mac and Linux “to take control of an affected system”.

CISA encourages users to update to the latest version of Google Chrome – 102.0.5005.115 – to prevent the security vulnerabilities from being exploited. 

The high-risk vulnerabilities include CVE-2022-2007, a use-after-free (UAF) vulnerability in WebGPU, and CVE-2022-2008, an out-of-bounds memory access vulnerability in WebGL, a JavaScript API used in Google Chrome. A UAF vulnerability allows attackers to exploit a program's incorrect use of dynamic memory during operation to compromise the program. An out-of-bounds vulnerability enables attackers to read sensitive information they shouldn’t have access to.

The other high-risk vulnerabilities in Google Chrome that the security update fixes are CVE-2022-2010, an out-of-bounds read vulnerability in Chrome’s compositing component, and CVE-2022-2011, a UAF vulnerability in ANGLE, an open-source, cross-platform graphics engine abstraction layer used in the backend of Chrome.

Full details of how attackers can exploit the high-risk vulnerabilities

Read More: https://www.zdnet.com/article/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk/#ftag=RSSbaffb68