
Time to Update: Google Patches Seven Bugs on Chrome

Four of the seven are high security threats and the US security agency has advised users to apply the patches as quickly as possible

The Indian Computer Emergency Response Team (CERT-In) had recently advised enterprises about security issues in Google’s Chrome and the Firefox browsers. It looks like there’s more work coming their way, as the US Cybersecurity and Infrastructure Agency (CISA) has warned of new security vulnerabilities that could result in a DDoS.

For its part, Google has already released updates for its Chrome browser that fix seven security vulnerabilities, of which four were classified as high-risk by the CISA. Business owners would be well-advised to apply these updates the moment they become available in their regions – in this case India.

The CISA alert says the vulnerabilities could result in attacks on Chrome for Windows, Mac as well as Linux. In a blog post, Google says the latest version of Google Chrome (102.0.5005.115) is available for download.


The latest vulnerabilities

The highest risks are associated with CVE-2022-2007, a use-after-free (UAF) vulnerability in WebGPU, which allows attackers to exploit incorrect use of dynamic memory during program operation to compromise the program, and CVE-2022-2008, an out-of-bounds memory access vulnerability in WebGL, a JavaScript API used in Google Chrome. An out-of-bounds vulnerability enables attackers to read sensitive information they shouldn’t have access to.

The other high-risk vulnerabilities in Google Chrome that the security update fixes are CVE-2022-2010, an out-of-bounds read vulnerability in Chrome’s compositing component, and CVE-2022-2011, a UAF vulnerability in ANGLE, an open-source, cross-platform graphics engine abstraction layer used in the backend of Chrome.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said the Google blog post about the Chrome release.


