Google Chrome Releases New Version to Address Multiple Vulnerabilities

Chrome has released an update for Windows, Mac, and Linux to address multiple vulnerabilities. The vulnerabilities are rated from medium to high. 
 
The advisory covers fixes for 14 security vulnerabilities that are mentioned below:

  • CVE-2022-3652: Type Confusion in V8. This flaw was reported by srodulv and ZNMchtss from S.S.L Team. 
  • CVE-2022-3653: Heap buffer overflow in Vulkan. This flaw was reported by SeongHwan Park. 
  • CVE-2022-3654: Use after free in Layout. This flaw was reported by Sergei Glazunov of Google Project Zero. 
  • CVE-2022-3655: Heap buffer overflow in Media Galleries. This flaw was reported by koocola and Guang Gong from 360 Vulnerability Research Institute. 
  • CVE-2022-3656: Insufficient data validation in File System. This flaw was reported by Ron Masas from Imperva. 
  • CVE-2022-3657: Use after free in Extensions. This flaw was reported by Omri Bushari from Talon Cyber Security. 
  • CVE-2022-3658: Use after free in Feedback service on Chrome OS. This flaw was reported by Nan Wang and Guang Gong from 360 Vulnerability Research Institute. 
  • CVE-2022-3659: Use after free in Accessibility. This flaw was reported by ginggilBesel. 
  • CVE-2022-3660: Inappropriate implementation in Full-screen mode. This flaw was reported by Irvan Kurniawan. 
  • CVE-2022-3661: Insufficient data validation in Extensions. This flaw was reported by Young Min Kim, CompSec Lab at Seoul National University. 

Affected versions  
Google Chrome versions prior to 107.0.5304.62 are affected by these vulnerabilities.
 
Mitigation  
Customers are requested to upgrade to the latest Chrome version: 107.0.5304.62 for Mac, 107.0.5304.68 for Linux, and 107.0.5304.62/63 for Windows. For more information, please refer to the Google Chrome security page.
 
Customers can check for updates by navigating to Chrome Menu > Help > About Google Chrome. The web browser will automatically check for the latest updates and install them when it is launched.

 

Microsoft has released the Microsoft Edge Stable Channel (version 107.0.1418.24), which covers the latest security updates of the Chromium project.
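A fleet-wide check against the fixed builds named above, as an added example that is not part of the original advisory. The inventory rows, host names, and the `classify`/`audit` helpers are constructed for illustration, and treating every build below a platform's fixed version as unpatched is an assumption of this example.

```python
import re

# Fixed builds taken from the advisory text. Treating every lower build on a
# platform as unpatched is an assumption of this example.
FIXED = {
    ("chrome", "windows"): (107, 0, 5304, 62),
    ("chrome", "mac"): (107, 0, 5304, 62),
    ("chrome", "linux"): (107, 0, 5304, 68),
    ("edge", "any"): (107, 0, 1418, 24),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part build number from e.g. 'Google Chrome 107.0.5304.68'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get((product, platform)) or FIXED.get((product, "any"))
    installed = parse_version(version_text)
    if fixed is None or installed is None:
        return "unknown"  # unparsable rows need manual follow-up, not a pass
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank '107.0.5304.9' above '107.0.5304.62'.
    return "patched" if installed >= fixed else "vulnerable"

# Constructed inventory rows: (host, product, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "windows", "Google Chrome 107.0.5304.63"),
    ("ws-02", "chrome", "windows", "Google Chrome 106.0.5000.10"),
    ("dev-03", "chrome", "linux", "Google Chrome 107.0.5304.62"),
    ("mac-04", "chrome", "mac", "Google Chrome 107.0.5304.9"),
    ("ws-05", "edge", "windows", "Microsoft Edge 107.0.1418.24"),
    ("kiosk-06", "chrome", "linux", "version unavailable"),
]

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(prod, plat, ver) for host, prod, plat, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Note that `dev-03` is flagged: build 107.0.5304.62 is the fixed version on Mac and Windows but is below the Linux fix, 107.0.5304.68.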

Qualys Detection  
Qualys customers can scan their devices with QIDs 377698 and 377720 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  
  
References 
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html  
