New Google Chrome Update Fixes Key Security Vulnerabilities
A new fix for the Google Chrome browser is fixing seven critical security vulnerabilities.
A new fix for the Google Chrome browser is fixing seven critical security vulnerabilities.
Four of these vulnerabilities were termed high-risk by the U.S. Cybersecurity & Infrastructure Agency (CISA).
Four of these vulnerabilities were termed high-risk by the U.S. Cybersecurity & Infrastructure Agency (CISA).
The agency is asking all users to download the newest iteration of Chrome (v102.0.5005.115) to keep themselves protected.
The agency is asking all users to download the newest iteration of Chrome (v102.0.5005.115) to keep themselves protected.
The new Chrome fix is available for Windows, Mac, and Linux users affected by these vulnerabilities
According to CISA, these vulnerabilities on Chrome are present on Windows, Linux, and Mac versions of the browser.
According to CISA, these vulnerabilities on Chrome are present on Windows, Linux, and Mac versions of the browser.
So users who have auto-update enabled for Chrome should be safe already.
So users who have auto-update enabled for Chrome should be safe already.
Among the high-risk vulnerabilities are
1. CVE-2022-2007
2. CVE-2022-2008
3. CVE-2022-2010
4. CVE-2022-2011.
Among the high-risk vulnerabilities are1. CVE-2022-20072. CVE-2022-20083. CVE-2022-20104. CVE-2022-2011.
The CVE-2022-2007 is a UAF (Use-After-Free) vulnerability present in WebGPU, enabling attackers to exploit the wrong use of dynamic memory during program operation and eventually hack the program.
The CVE-2022-2007 is a UAF (Use-After-Free) vulnerability present in WebGPU, enabling attackers to exploit the wrong use of dynamic memory during program operation and eventually hack the program.
Meanwhile, Google defines CVE-2022-2008 as “Out of bounds memory access in WebGL.”
Meanwhile, Google defines CVE-2022-2008 as “Out of bounds memory access in WebGL.”
CVE-2022-2010 is an out-of-bounds read vulnerability within the browser.
CVE-2022-2010 is an out-of-bounds read vulnerability within the browser.
The fourth high-risk vulnerability, CVE-2022-2011, is a UAF vulnerability within the cross-platform graphics engine extraction layer (ANGLE).
The fourth high-risk vulnerability, CVE-2022-2011, is a UAF vulnerability within the cross-platform graphics engine extraction layer (ANGLE).
Google isn’t offering the full picture of how attackers could exploit the vulnerability.
Google isn’t offering the full picture of how attackers could exploit the vulnerability.
The CISA added 36 security vulnerabilities to its catalog last week
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 36 new security vulnerabilities to its lengthy catalog.
Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 36 new security vulnerabilities to its lengthy catalog.
These newly discovered vulnerabilities belong to a varied group of companies and brands, including Adobe, Cisco, Google, Microsoft, Netgear, and QNAP, etc.
These newly discovered vulnerabilities belong to a varied group of companies and brands, including Adobe, Cisco, Google, Microsoft, Netgear, and QNAP, etc.