Google this week announced the release of a Chrome browser update that resolves seven vulnerabilities, including four issues reported by external researchers.
Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU. The security hole was reported by David Manouchehri, who received a $10,000 bug bounty reward for his finding.
Use-after-free issues are triggered when a program doesn’t clear the pointer after freeing memory allocation, and can be exploited for arbitrary code execution, denial of service, or data corruption, potentially leading to system compromise, if combined with other vulnerabilities. In the case of Chrome, they often lead to a sandbox escape.
Another use-after-free vulnerability addressed with this Chrome update is CVE-2022-2011, a flaw identified in ANGLE, Chrome’s graphics engine abstraction layer. The bug was reported by SeongHwan Park.
The latest Chrome update also resolves CVE-2022-2008, an out-of-bounds memory access in WebGL, which was reported by VinCSS Cybersecurity researcher Tran Van Khang.
Google says it has yet to determine the bug bounty amounts to be paid for these two vulnerabilities.
The fourth externally reported vulnerability addressed with this browser update is CVE-2022-2010, an out-of-bounds read in compositing, which was reported by Mark Brand of Google Project Zero. As per Google’s policies, the researcher won’t be awarded a bug bounty.
The latest Chrome iteration is now rolling out to Windows, Mac, and Linux users as version 102.0.5005.115.
Google made no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.
Three Chrome vulnerabilities are known to have been exploited in attacks so far this year.
Related: Chrome 102 Patches 32 Vulnerabilities
Related: Chrome 101 Update Patches High-Severity Vulnerabilities
Related: Chrome 101 Patches 30 Vulnerabilities

More from Ionut Arghire
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
