Chrome for Windows, Mac, Linux Updates With 4 High-Risk Vulnerability Fixes

CERT-In has warned users about the issues and urged them to install the updated Chrome on their systems.

By Jagmeet Singh | Updated: 13 June 2022 19:14 IST

Chrome for Windows, Mac, Linux Updates With 4 High-Risk Vulnerability Fixes

Photo Credit: Unsplash/ Firmbee.com

Chrome users are advised to install the latest update

Highlights

Chrome users can update by going to 'About Google Chrome' settings
Google has included seven security fixes
The high-risk issues are related to WebGPU and WebGL components

Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. The new release fixes a total of seven security vulnerabilities — of which, four are marked highly severe. The update is rolling out to desktop users across Windows, macOS and Linux platforms over the coming days. India's Computer Emergency Response Team (CERT-In) and the United States Cybersecurity and Infrastructure Agency (CISA) have urged users to install the latest Chrome release on their systems to prevent the reported issues.

The four security issues that are rated with high severity are tracked as CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, and CVE-2022-2011, as Google explained in a blog post.

The vulnerability that is tracked as CVE-2022-2007 is a Use-After-Free (UAF) vulnerability, which exists in the WebGPU to API and allows attackers to hack by exploiting incorrect use of dynamic memory. The CVE-2022-2008 flaw, on the other hand, results in out-of-bounds memory access in WebGL.

Chrome's compositing component is also found to have the CVE-2022-2010 issue, which is an out-of-bounds read vulnerability. The last high-risk vulnerability, CVE-2022-2011, is a use after free flaw in ANGLE engine abstraction layer.

Although Google has detailed the four highly severe issues, it has not provided public access to the details as a large number of users are yet to bring the fix.

"We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed," the company said.

In response to the public disclosure from Google, CERT-In has released a vulnerability note to urge users to install the latest update.

"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the targeted system," the advisory by the nodal agency said.

The CISA has also encouraged users and administrators to apply the update on their systems.

Users can check for the latest release on their Windows, Mac, and Linux systems by going to Chrome > About Google Chrome. The update can also be installed by clicking on the three-dot button from the right-most corner and then Help > About Google Chrome.

Missed Apple's WWDC 2022? We discuss every major announcement on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.