Google Chrome security update fixes ‘high risk’ flaws


Google has released security updates for the Google Chrome browser on Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems.

There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws. 

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them. 

Use-after-free is a vulnerability that results from the incorrect use of dynamic memory while an application is running: the program keeps using a memory location after it has been freed, something that an attacker can exploit.

Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which acts as a proxy server that sits between web applications, the browser and the network in order to improve offline experiences, among other things.

The specific functionality that this vulnerability relates to has yet to be disclosed, but it can lead to a memory corruption flaw if abused, which can be used to crash systems or execute code – essentially allowing attackers to install malware or otherwise abuse the system.  

It requires some sort of user interaction but, as with many of the vulnerabilities disclosed in this update, the full details are yet to be made public. According to Google, this is because they’re waiting for users to apply the updates first, so they’re protected from anybody trying to exploit them. 

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” the Chrome team said in the update. 

“We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel,” they added. 

CISA warns that the fixes relate to “vulnerabilities that an attacker could exploit to take control of an affected system” and that the updates should be applied as soon as possible. 

