CISA Recommends Organizations Update to the Latest Version of Google Chrome

Published: 23/11/2024   Category: security




Google last week reported seven vulnerabilities in the browser, four of which it rated as high severity.



The US Cybersecurity and Infrastructure Agency (CISA) Friday urged users and administrators to update to a new version of Chrome that Google released last week to fix a total of seven vulnerabilities in its browser.
In an advisory, Google described four of the flaws — three of which were reported to the company by external researchers — as presenting a high risk for organizations. The company said it had decided to restrict access to bug details until most users have updated to the new version of Chrome (102.0.5005.115).
One of the vulnerabilities is a so-called use-after-free issue in the WebGPU application programming interface for functions such as computation and rendering on a Graphics Processing Unit. The bug (CVE-2022-2007) is remotely exploitable and can have an impact on the confidentiality, integrity, and availability of affected systems, according to a description of the flaw on vulnerability database VulDB. No form of authentication is needed for exploitation, but it does require some kind of user interaction by the victim, VulDB noted.
Google awarded $10,000 to the security researcher who reported the flaw to the company in May. VulDB estimated the price for an exploit for the flaw to be between $5,000 and $25,000 currently, though that could go up soon, it noted.
The second flaw is an out-of-bounds memory access in the WebGL API for rendering 2D and 3D graphics. Two researchers from Vietnamese firm VinCSS Internet Security Services reported the bug (CVE-2022-2008) in April. VulDB described the flaw as being remotely exploitable but requiring at least some user interaction by the victim. The flaw appears to be easily exploitable and requires no authentication, VulDB said. Google's advisory noted the reward for disclosing the vulnerability had yet to be determined.
The third high-severity vulnerability that the new Chrome version addresses (CVE-2022-2010) is an out-of-bounds read issue in compositing, or in rendering Web page content. A security researcher with Google's own Project Zero bug-hunting team discovered the vulnerability in May. Like the other two flaws, this one also affects the confidentiality, integrity, and availability of affected systems, VulDB said.
The fourth high-severity vulnerability that Google disclosed is a use-after-free issue that an external security researcher reported to the company in May. The flaw (CVE-2022-2011) exists in ANGLE, a function that Google describes as an almost native Graphics Layer engine in Chrome. The memory corruption vulnerability has a near-identical impact to the other three, based on VulDB's description of the issue.
CISA urged organizations to review Google's Chrome release note and apply the update to mitigate risk. Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system, it said.
The seven flaws that Google addressed with its latest Chrome version are considerably fewer than in some other recent Chrome-related bug disclosures from the company. A Chrome update that Google released on May 24 included fixes for 32 flaws, one of which was rated as being of critical severity while seven others were rated as being highly critical. Another update, also in May, contained fixes for 13 flaws, eight of which the company rated as being of high severity.
