Users of Chrome have been advised to apply updatesas soon as possible related to seven security vulnerabilities. CISA has also warnedthat the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.
Chrome 102.0.5005.115 is due to roll outover the coming days/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.
The vulnerabilities
Four of the seven issues have been rated as high risk.
CVE-2022-2007: Use after free in WebGPU. This can allow manipulation of the memory layer of the browser, with the possibility of remote code execution as per an older example.
CVE-2022-2008: Out of bounds memory access in WebGL.
CVE-2022-2010: Out of bounds read in compositing. According to reports, the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.
CVE-2022-2011: Use after free in ANGLE. Almost Native Graphics Layer Engine(ANGLE) is an “open source, cross-platform graphics engine abstraction layer” which was developed by Google.
Next steps
More details likely won’t be forthcoming for a while yet, so it’s crucial to apply updatesas soon as possible.
In Chrome, click the More icon, then Help -> About Google Chrome.From here, you’ll be able to see your current update status and apply the update as required.
This should be all you need to do to keep the above security vulnerabilities at bay.
