Google Chrome update fixes four severe security flaws

Google’s latest Chrome update — version 102.0.5005.115 — for Windows, Mac, and Linux fixes seven security flaws, four of which are marked highly severe.

The four high-risk security issues are tracked as CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, and CVE-2022-2011, Google revealed in a blog post.

While the company has provided some information on the four highly severe vulnerabilities, it restricts access to full bug details.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said.

“We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

The vulnerability tracked as CVE-2022-2007 relates to a Use-After-Free (UAF) vulnerability in the WebGPU API, and malicious actors can exploit the incorrect use of dynamic memory to attack vulnerable systems.

The CVE-2022-2011 vulnerability also relates to a UAF flaw, but it is specific to Chrome’s ANGLE engine abstraction layer.

The other vulnerabilities, CVE-2022-2008 and CVE-2022-2010, relate to out-of-bounds memory access and read flaws in WebGL and compositing, respectively.

Google said the update would roll out to Windows, Mac, and Linux users over the coming days and weeks.

Now read: Telegram announces Premium subscriptions