Google this week announced the first stable release of Chrome 105, which comes with patches for 24 vulnerabilities, including 13 use-after-free and heap buffer overflow bugs.
Twenty-one of the resolved security defects were reported by external researchers, including one critical-, eight high-, nine medium-, and three low-severity vulnerabilities.
A total of nine use-after-free issues were resolved with the latest browser update, the most important of which is a critical flaw in the Network Service component, reported by Google Project Zero researcher Sergei Glazunov, the company notes in an advisory.
Chrome 105 also patches five high-severity use-after-free vulnerabilities, impacting browser components such as WebSQL, Layout, PhoneHub, and Browser Tag.
Google says it handed out between $5,000 and $10,000 for four of the issues, but has yet to determine the amount to be paid for the fifth.
Other high-severity bugs the latest Chrome update resolves include a heap buffer overflow in Screen Capture, an inappropriate implementation in Site Isolation, and an insufficient validation of untrusted input in V8.
Three of the medium-severity flaws that Chrome 105 patches are heap buffer overflow bugs, two are use-after-free issues, two insufficient policy enforcements, and two inappropriate implementations.
Google says it has paid more than $60,000 in bug bounty rewards to the reporting researchers, but the internet giant has yet to determine the amount to be paid for five of the bugs and the total amount could be higher.
The latest browser iteration is now rolling out to Mac and Linux users as Chrome 105.0.5195.52 and to Windows users as Chrome 105.0.5195.52/53/54.
Google made no mention of any of these vulnerabilities being exploited in malicious attacks.
So far this year, there have been five documented Chrome zero-day vulnerabilities exploited in attacks. The most recent of them was addressed roughly two weeks ago.
Related: Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104
Related: Chrome 103 Update Patches High-Severity Vulnerabilities
Related: Emergency Chrome 103 Update Patches Actively Exploited Vulnerability
Related: Google Patches Third Actively Exploited Chrome Zero-Day of 2022
More from Ionut Arghire
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Tor Network Under DDoS Pressure for 7 Months
- Russian Admits in US Court to Laundering Money for Ryuk Ransomware Gang
- Patient Information Compromised in Data Breach at San Diego Healthcare Provider
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- Vulnerability Provided Access to Toyota Supplier Management Network
- Linux Variant of Cl0p Ransomware Emerges
Latest News
- Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras
- ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware
- Minister: Cybercrimes Now 20% of Spain’s Registered Offenses
- Skybox Security Raises $50M, Hires New CEO
- Spies, Hackers, Informants: How China Snoops on the US
- Australian Man Sentenced for Scam Related to Optus Hack
- Chrome 110 Patches 15 Vulnerabilities
- Application Security Protection for the Masses
