Google this week announced the release of Chrome 107 to the stable channel, with patches for 14 vulnerabilities, including high-severity bugs reported by external researchers.
A total of ten security bugs were reported externally: three high-severity, six medium-severity, and one low-severity issue.
To exploit these flaws, a remote attacker needs to trick a user into accessing a specially crafted webpage in a vulnerable browser. Successful exploitation could allow the attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the affected system.
Based on the paid bug bounty rewards, the most severe of these externally reported security defects is CVE-2022-3652, which is described as a type confusion in the V8 open source JavaScript and WebAssembly engine. Google says it has paid $20,000 to the reporting researcher.
Next in line is CVE-2022-3653, a heap-buffer overflow vulnerability in the Vulkan hardware acceleration engine. Google says it has handed out a $17,000 reward to the researcher who identified it.
The third high-severity vulnerability resolved with this browser release is CVE-2022-3654, a use-after-free issue in Layout. Google says it has yet to determine the amount to be paid for it.
The internet giant has awarded a total of $17,000 for the six externally reported medium-severity vulnerabilities that Chrome 107 resolves.
These include a heap buffer overflow in Media Galleries, insufficient data validation in File System, an inappropriate implementation in full screen mode, and use-after-free bugs in Extensions, Feedback service on Chrome OS, and Accessibility.
An additional $3,000 was paid for the low-severity issue, for a total of $54,000, but the total amount might be much higher once Google announces the reward for the third high-severity vulnerability.
The latest Chrome iteration is now rolling out to Mac, Linux, and Windows users as versions 107.0.5304.62, 107.0.5304.68, and 107.0.5304.62/63, respectively.
