
Chrome browser users worldwide must perform an urgent update after Google discovered six new ‘High’ threat vulnerabilities.
Google confirmed the news on its official Chrome blog, stating that the vulnerabilities affect Chrome on Windows, macOS and Linux. And if you aren’t running Chrome version 106.0.5249.119 you’re at risk.
Google provided the following information about the six new Chrome vulnerabilities:
- High – CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
- High – CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
- High – CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
- High – CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
- High – CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
- High – CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
Again, Use After Free (UAF) flaws were the most prevalent. UAF is a memory-safety flaw in which a program keeps using memory after it has been freed, and it has been the most consistently successful way to attack Chrome in recent years. Heap Buffer Overflow attacks also remain popular. This is an attack (also known as ‘Heap Smashing’) that exploits dynamically allocated memory in an attempt to overwrite critical data structures.
To update Chrome, click the overflow menu (three vertical dots) in the top right corner of the browser and click Help > About Google Chrome. This will force Chrome to check for browser updates. Once the update is complete, ensure you restart the browser to be fully protected. For step-by-step instructions, read my Chrome Update Guide.
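For administrators checking many machines rather than one browser, the sketch below is an added example (not from Google or the original article) that compares reported Chrome version strings against the 106.0.5249.119 build named above. It assumes versions arrive as text such as the Linux `google-chrome --version` output, that any later version also contains the fixes, and the host names and inventory are constructed.

```python
import re

# Fixed build named in the article.
FIXED_VERSION = (106, 0, 5249, 119)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_VERSION):
    """True only when a version was parsed and is at or above the fixed build."""
    version = parse_chrome_version(text)
    # Compare numerically: as strings, "106.0.5249.99" sorts after
    # "106.0.5249.119" and an outdated build would pass the check.
    # An unreadable version is treated as not patched (fail closed).
    return version is not None and version >= fixed


def audit(inventory):
    """Map each host that still needs attention to the reason why."""
    findings = {}
    for host, reported in inventory.items():
        version = parse_chrome_version(reported)
        if version is None:
            findings[host] = "version unreadable"
        elif version < FIXED_VERSION:
            findings[host] = "outdated: " + ".".join(map(str, version))
    return findings


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 106.0.5249.119",
    "ws-02": "Google Chrome 106.0.5249.99",
    "mac-03": "Google Chrome 105.0.5195.125",
    "lin-04": "Google Chrome 107.0.5304.62",
    "lin-05": "",
}

if __name__ == "__main__":
    for host, reason in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {reason}")
```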