CISA (the United States Cybersecurity & Infrastructure Agency) advises users to update Google Chrome quickly.
The latest version of the Chrome browser, 102.0.5005.115, fixes seven security flaws. Google teams consider four of them to be “high risk”. Without updating, users expose their Windows, Mac and Linux systems to these threats.
According to an alert from the United States Cybersecurity & Infrastructure Agency (CISA), attackers are exploiting vulnerabilities in Google Chrome for Windows, Mac, and Linux to take control of an affected system. “CISA encourages users and admins to review the Chrome release note and apply any necessary updates,” the alert reads. The four vulnerabilities designated as “high risk” are CVE-2022-2007, CVE-2022-2008, CVE-2022-2010 and CVE-2022-2011.
Four high-risk vulnerabilities
CVE-2022-2007 and CVE-2022-2011 are Use-After-Free (UAF) vulnerabilities. This type of vulnerability stems from the incorrect use of dynamic memory during program operation. Attackers take advantage of this incorrect use to hack the program. The first vulnerability is located in WebGPU and the second in ANGLE. WebGPU is the successor to WebGL, a set of APIs specialized in rendering images. ANGLE, short for “Almost Native Graphics Layer Engine”, develops graphics drivers for Chrome.
Finally, CVE-2022-2008 and CVE-2022-2010 are out-of-bounds vulnerabilities. Attackers use them to read sensitive information to which they normally do not have access.
As usual, Chrome is waiting for the majority of its users to be protected before revealing details on how to exploit these flaws.
To verify that your browser has performed the automatic update in the background, go to the “More” icon, then click on “Help” and “About Google Chrome”. The page then displays the version currently installed and, if it is not the latest, offers to perform the update.