Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 106 Update Patches Several High-Severity Vulnerabilities

Google announced on Tuesday that the latest Chrome update patches six high-severity vulnerabilities, including four use-after-free bugs.

All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters.

Google announced on Tuesday that the latest Chrome update patches six high-severity vulnerabilities, including four use-after-free bugs.

All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters.

Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine.

Google says in its advisory that it has paid a $15,000 bug bounty reward to Nan Wang and Yong Liu of Qihoo 360 for reporting the issue last month.

Another $13,000, Google says, has been handed out to Kaijie Xu for reporting CVE-2022-3446, a heap buffer overflow in WebSQL.

Additionally, the internet giant paid $7,500 to Narendra Bhati of Suma Soft, who reported an inappropriate implementation in Custom Tabs (CVE-2022-3447), and $2,500 to a Kunlun Lab researcher who reported a use-after-free flaw in Permissions API (CVE-2022-3448).

Two other use-after-free vulnerabilities were resolved in Safe Browsing (CVE-2022-3449) and Peer Connection (CVE-2022-3450), but Google has yet to disclose the bug bounty amount.

Technical details on the addressed issues will not be released until the majority of Chrome users have installed the update.

The latest Chrome iteration is now rolling out to Windows, Mac, and Linux users as version 106.0.5249.119.

Google makes no mention of any of the newly addressed security defects being exploited in attacks.

Related: Chrome 106 Patches High-Severity Vulnerabilities

Related: Chrome 105 Update Patches High-Severity Vulnerabilities

Related: Google Patches Sixth Chrome Zero-Day of 2022

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.