The US CISA urges users to update their systems at the earliest opportunity. The latest Chrome browser update brings emergency fixes for numerous high-risk vulnerabilities.
CISA Alerts About Google Chrome Update
According to a recent advisory, the US CISA has encouraged all Google Chrome users to update their browsers immediately. The advisory specifically mentions updating to the latest Chrome version, 102.0.5005.115, available for desktop (Windows, macOS, and Linux) systems.
This browser version arrived soon after Google released the major Chrome 102 update. The tech giant addressed over 30 vulnerabilities at that time, including a critical-severity bug and eight high-severity flaws.
But it now seems that the tech giant had more work to do, as it again patched multiple high-severity flaws with the Chrome 102.0.5005.115 release. According to its advisory, this release carries patches for seven different security bugs. Of these, the tech giant mentioned four bugs reported by independent researchers in the advisory.
Specifically, one of these bugs is a use-after-free vulnerability in WebGPU. This vulnerability, CVE-2022-2007, first caught the attention of David Manouchehri, who then reported it to Google in May 2022. The researcher won a $10,000 bounty for this report.
The other significant vulnerabilities receiving fixes with this update include:
- CVE-2022-2008: Out of bounds memory access in WebGL.
- CVE-2022-2010: Out of bounds read in compositing.
- CVE-2022-2011: Use after free in ANGLE.
Continuing its usual practice, Google hasn’t shared any details about the vulnerabilities yet, giving users more time to update their systems safely.
Nonetheless, the subsequent CISA alert urging users to patch hints that the bugs may severely impact users’ devices if exploited.
Thankfully, neither Google nor CISA mentioned anything about active exploitation of the Chrome vulnerabilities. Nonetheless, it’s still wise for users to update their systems as soon as possible.