Google this week announced the release of Chrome 107 to the stable channel, with patches for 14 vulnerabilities, including high-severity bugs reported by external researchers.
A total of ten security bugs were reported externally: three high-severity, six medium-severity, and one low-severity issues.
To exploit these flaws, a remote attacker needs to trick a user into accessing a specially crafted webpage in a vulnerable browser. Successful exploitation could allow the attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the affected system.
Next in line is CVE-2022-3653, a heap-buffer overflow vulnerability in the Vulkan hardware acceleration engine. Google says it has handed out a $17,000 reward to the researcher who identified it.
The third high-severity vulnerability resolved with this browser release is CVE-2022-3654, a use-after-free issue in Layout. Google says it has yet to determine the amount to be paid for it.
The internet giant has awarded a total of $17,000 for the six externally reported medium-severity vulnerabilities that Chrome 107 resolves.
These include a heap buffer overflow in Media Galleries, insufficient data validation in File System, an inappropriate implementation in full screen mode, and use-after-free bugs in Extensions, Feedback service on Chrome OS, and Accessibility.
An additional $3,000 was paid for the low-severity issue, for a total of $54,000, but the total amount might be much higher, once Google announces the reward for the third high-severity vulnerability.
The latest Chrome iteration is now rolling out to Mac, Linux, and Windows users as versions 107.0.5304.62, 107.0.5304.68, and 107.0.5304.62/63, respectively.