Google this week announced the release of Chrome 106 to the stable channel with patches for 20 vulnerabilities, including 16 reported by external researchers.
Of the externally reported security bugs, five are rated ‘high’ severity, eight are ‘medium’ severity, and three are ‘low’ severity.
Half of these vulnerabilities are use-after-free bugs, which could lead to arbitrary code execution, denial of service, or data corruption. If combined with other vulnerabilities, the bugs could be exploited to achieve full system compromise.
In Chrome, use-after-free flaws can often be exploited for sandbox escapes, and Google earlier this month announced improved protections against the exploitation of these security holes.
Of the five high-severity issues that Chrome 106 resolves, four are use-after-free vulnerabilities impacting three browser components, namely CSS, Survey, and Media. The fifth is an insufficient validation of untrusted input in Developer Tools.
The latest browser release also resolves three medium-severity use-after-free vulnerabilities, which impact three other Chrome components: Assistant, Import, and Logging.
The browser update also resolves medium-severity insufficient policy enforcement in Developer Tools and Custom Tabs, insufficient validation of untrusted input in VPN, incorrect security UI in Full Screen, and a type confusion in Blink.
Google says it has paid out a total of over $38,000 in bug bounty rewards to the reporting researchers, but has yet to determine the amount to be handed out for half of the security flaws.
The internet giant makes no mention of any of the resolved vulnerabilities being exploited in attacks.
The latest Chrome iteration is now rolling out to macOS and Linux users as version 106.0.5249.61, and arrives on Windows computers as versions 106.0.5249.61/62.