Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Patches 14 Vulnerabilities With Release of Chrome 103

Google this week announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers.

The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base.

Google this week announced the release of Chrome 103 to the stable channel with patches for a total of 14 vulnerabilities, including nine reported by external researchers.

The most severe of these bugs is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base.

The security flaw was identified by Mark Brand of Google Project Zero. Per Google’s policy, no bug bounty reward will be handed out for this vulnerability.

Leading to arbitrary code execution, corruption of data, or denial of service, use-after-free flaws are triggered when a program frees memory allocation but does not clear the pointer after that.

If combined with other security holes, use-after-free bugs can lead to full system compromise. In Chrome, they can often be exploited to escape the browser’s sandbox.

Chrome 103 resolves three other use-after-free vulnerabilities found by external researchers, impacting components such as Interest groups (CVE-2022-2157, high severity), WebApp Provider (CVE-2022-2161, medium severity), and Cast UI and Toolbar (CVE-2022-2163, low severity).

The latest Chrome update also resolves an externally-reported high-severity type confusion flaw in the V8 JavaScript and WebAssembly engine (CVE-2022-2158), along with four other medium- and low-severity issues.

Google says it has paid out a total of $44,000 in bug bounty rewards to the reporting researchers. The internet giant makes no mention of any of these vulnerabilities being exploited in attacks.

Advertisement. Scroll to continue reading.

The latest Chrome release is currently rolling out to Windows, Mac, and Linux users as version 103.0.5060.53.

Related: Chrome 102 Update Patches High-Severity Vulnerabilities

Related: Chrome 102 Patches 32 Vulnerabilities

Related: Chrome 101 Update Patches High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.