Chrome 102 Fixes Vulnerabilities of Extreme Severity
The first of these problems, CVE-2022-2007, is characterized as a use-after-free in WebGPU. David Manouchehri discovered the security flaw and got a $10,000 bug bounty for his discovery.
When software fails to remove the pointer after releasing memory, a use-after-free vulnerability is created, which may be exploited for arbitrary code execution, denial of service, or data corruption, potentially leading to system compromise if combined with additional vulnerabilities. They frequently result in a sandbox escape in Chrome.
CVE-2022-2011, a bug discovered in ANGLE, Chrome’s graphics engine abstraction layer, is another use-after-free vulnerability resolved by this Chrome release. SeongHwan Park found the problem and reported it.
CVE-2022-2008, an out-of-bounds memory access in WebGL that was discovered by VinCSS Cybersecurity researcher Tran Van Khang, is also fixed in the newest Chrome release.
According to Google, the bug bounty amounts for these two vulnerabilities have yet to be determined.
CVE-2022-2010, an out-of-bounds read in compositing, was reported by Mark Brand of Google Project Zero as the fourth externally reported vulnerability patched with this browser release. According to Google’s regulations, the researcher will not get a bug bounty.
Version 102.0.5005.115 of Google Chrome is now available for Windows, Mac, and Linux users.
Although Google claims that none of these flaws have been exploited in the wild, users are urged to upgrade their browsers as soon as possible.
Read this also: Twitter Communities Gets New Feed Sorting Options