Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 102 Update Patches High-Severity Vulnerabilities

Google this week announced the release of a Chrome browser update that resolves seven vulnerabilities, including four issues reported by external researchers.

Google this week announced the release of a Chrome browser update that resolves seven vulnerabilities, including four issues reported by external researchers.

Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU. The security hole was reported by David Manouchehri, who received a $10,000 bug bounty reward for his finding.

Use-after-free issues are triggered when a program doesn’t clear the pointer after freeing memory allocation, and can be exploited for arbitrary code execution, denial of service, or data corruption, potentially leading to system compromise, if combined with other vulnerabilities. In the case of Chrome, they often lead to a sandbox escape.

Another use-after-free vulnerability addressed with this Chrome update is CVE-2022-2011, a flaw identified in ANGLE, Chrome’s graphics engine abstraction layer. The bug was reported by SeongHwan Park.

The latest Chrome update also resolves CVE-2022-2008, an out-of-bounds memory access in WebGL, which was reported by VinCSS Cybersecurity researcher Tran Van Khang.

Google says it has yet to determine the bug bounty amounts to be paid for these two vulnerabilities.

The fourth externally reported vulnerability addressed with this browser update is CVE-2022-2010, an out-of-bounds read in compositing, which was reported by Mark Brand of Google Project Zero. As per Google’s policies, the researcher won’t be awarded a bug bounty.

The latest Chrome iteration is now rolling out to Windows, Mac, and Linux users as version 102.0.5005.115.

Advertisement. Scroll to continue reading.

Google made no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

Three Chrome vulnerabilities are known to have been exploited in attacks so far this year.

Related: Chrome 102 Patches 32 Vulnerabilities

Related: Chrome 101 Update Patches High-Severity Vulnerabilities

Related: Chrome 101 Patches 30 Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Raffi Joukhadarian has been named Managing Director and Chief Financial Officer at MorganFranklin Cyber.

Data security firm Rubrik has appointed Kavitha Mariappan as its Chief Transformation Officer.

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.