The latest version of Google Chrome fixes 10 security flaws, some of which might allow remote attackers to crash your PC. Ten security vulnerabilities, some of which could allow remote attackers to crash susceptible devices, have been patched in the latest version of Google Chrome for Windows, Mac, and Linux.
However, the company is delaying complete details about many of the issues until most users have applied the updates, which are expected to roll out over the coming days and weeks, and Google has described some of the improvements in a Google Chrome release update.
There are a total of ten fixes for vulnerabilities in the most recent version of Google Chrome, all of which should be accessible on mobile devices as well. There are six critical upgrades. This means that the updates need to be implemented without delay.
A remote attacker could exploit ‘heap corruption’ by submitting a specially prepared HTML page that takes advantage of the flaws. The ‘heap,’ a section of RAM set aside specifically for programs to hold data, has been corrupted. Corruption of the heap happens when software corrupts the heap view, which can lead to a memory fault severe enough to cause a crash.
Read More: New Research Suggests Apple Is Tracking Users Even When Their Privacy Settings Turned Off!
V8, the open-source JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers, contains a vulnerability that can lead to heat corruption (CVE-2022-3885), and Speech Recognition in Google Chrome contains a vulnerability that can lead to the same effect (CVE-2022-3886).
Web Workers, which are used by Google Chrome to execute scripts in the background without interfering with the user interface, are vulnerable to a flaw identified as CVE-2022-3887. Security flaw CVE-2022-3888 affects Google Chrome’s WebCodecs, which are employed to supply low-level access to media encoders and decoders.
CVE-2022-3889, however, is a type of misunderstanding issue in V8 that causes it to execute erroneous code. Intruders can take advantage of heat corruption flaws in any of these ways. The most recent of the publicly-disclosed security flaws CVE-2022-3890 is a heap buffer overflow in Crashpad in Google Chrome for Android,
which might be exploited by a remote attacker to gain elevated privileges on the affected host. According to Google, “we would also like to thank all security researchers that worked with us during the development cycle to prevent security flaws from ever reaching the stable channel,” and the company has awarded bug bounty payouts of $7,000 to $21,000 to the researchers that found them.
Read More: Microsoft 365 Will Quickly Be Removed From These Outlook and OneDrive functions!
When it becomes available, users should install the Google Chrome security patch for version 107.0.5304.110 on Mac and Linux and version 107.0.5304.106/.107 on Windows. This will protect their systems from any potential exploits.