Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 106 Patches High-Severity Vulnerabilities

Google this week announced the release of Chrome 106 to the stable channel with patches for 20 vulnerabilities, including 16 reported by external researchers.

Of the externally reported security bugs, five are rated ‘high’ severity, eight are ‘medium’ severity, and three are ‘low’ severity.

Google this week announced the release of Chrome 106 to the stable channel with patches for 20 vulnerabilities, including 16 reported by external researchers.

Of the externally reported security bugs, five are rated ‘high’ severity, eight are ‘medium’ severity, and three are ‘low’ severity.

Half of these vulnerabilities are use-after-free bugs, which could lead to arbitrary code execution, denial of service, or data corruption. If combined with other vulnerabilities, the bugs could be exploited to achieve full system compromise.

In Chrome, use-after-free flaws can often be exploited for sandbox escapes, and Google earlier this month announced improved protections against the exploitation of these security holes.

Of the five high-severity issues that Chrome 106 resolves, four are use-after-free vulnerabilities impacting three browser components, namely CSS, Survey, and Media. The fifth is an insufficient validation of untrusted input in Developer Tools.

The latest browser release also resolves three medium-severity use-after-free vulnerabilities, which impact three other Chrome components: Assistant, Import, and Logging.

The browser update also resolves medium-severity insufficient policy enforcement in Developer Tools and Custom Tabs, insufficient validation of untrusted input in VPN, incorrect security UI in Full Screen, and a type confusion in Blink.

Google says it has paid out a total of over $38,000 in bug bounty rewards to the reporting researchers, but has yet to determine the amount to be handed out for half of the security flaws.

Advertisement. Scroll to continue reading.

The internet giant makes no mention of any of the resolved vulnerabilities being exploited in attacks.

The latest Chrome iteration is now rolling out to macOS and Linux users as version 106.0.5249.61, and arrives on Windows computers as versions 106.0.5249.61/62.

Related: Google Improves Chrome Protections Against Use-After-Free Bug Exploitation

Related: Google Patches Sixth Chrome Zero-Day of 2022

Related: Chrome 105 Patches Critical, High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Raffi Joukhadarian has been named Managing Director and Chief Financial Officer at MorganFranklin Cyber.

Data security firm Rubrik has appointed Kavitha Mariappan as its Chief Transformation Officer.

DARPA veteran Dan Kaufman has joined Badge as SVP, AI and Cybersecurity.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.