Google Patches 27 Vulnerabilities With Release of Chrome 98

Google on Tuesday announced the release of Chrome 98 in the stable channel with a total of 27 security fixes inside, including 19 for vulnerabilities reported by external researchers.

The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system.

Of the 19 flaws, eight carry a severity rating of high, 10 are considered medium severity, and one low risk. More than half of the externally reported vulnerabilities addressed in this release are use-after-free bugs.

The most important of these issues are CVE-2022-0452 and CVE-2022-0453, two use-after-free bugs in safe browsing and reader mode. The reporting researchers were awarded $20,000 rewards each, Google says in its advisory.

The company also reveals that it has paid $12,000 for a heap buffer overflow in ANGLE (CVE-2022-0454), $7,500 for an inappropriate implementation in full screen mode (CVE-2022-0455), $7,000 for a use-after-free in web search (CVE-2022-0456), and $5,000 for a type confusion in V8 (CVE-2022-0457).

Two other high-severity use-after-free issues were addressed, one in thumbnail tab strip (CVE-2022-0458) and another in screen capture (CVE-2022-0459).

Six of the medium-severity flaws patched in Chrome 98 are use-after-free bugs (in window dialog, accessibility, extensions, payments, and cast), three are inappropriate implementations (in scroll, extensions, and pointer lock) and one is a policy bypass (in COOP).

The low-severity vulnerability patched with this release is an out-of-bounds memory access in V8.

Google says it has paid $88,000 in bug bounty rewards to the reporting researchers, but has yet to announce the payouts for six of the resolved issues.

All these vulnerabilities were addressed with the release of Chrome 98.0.4758.80/81/82 for Windows and Chrome 98.0.4758.80 for macOS and Linux.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
