Google Chrome Update With 'High Severity' Bug Fixes on Mobiles, Windows, Mac, and Linux Released

Google has withheld information around some of the vulnerabilities until a majority of users have installed the update.

Written by Anees Hussain, Edited by David Delima | Updated: 10 November 2022 19:44 IST

Photo Credit: Pixabay

Google Chrome users are advised to install the latest update on their devices

Highlights

Google Chrome has been updated with 10 security fixes
The update fixes several memory corruption vulnerabilities
Google has detailed six highly critical Chrome security flaws

Google Chrome has been updated with important security fixes for Google's browser on smartphones as well as Windows, Mac, and Linux computers. The update fixes a total of ten security vulnerabilities on the popular browser. The updated Chrome browser will be rolled out over the coming days, Google said in an advisory. The company recommends that users should install the update as soon as it is rolled out to their devices. The company, however, restricted itself from revealing full details about the bugs until a majority of users have updated to the latest version. This information will be further withheld if the existence of similar flaws are identified in any third-party libraries that other projects depend on and haven't yet been addressed through a fix, according to Google.

The search giant lists six out of the ten addressed security vulnerabilities 'high severity' bugs, which means that users are advised to apply the updates as soon as possible to prevent their devices from being at risk of exploitation, Google said in its release notes.

The vulnerabilities could allow a remote attacker to exploit 'heap corruption' via a crafted HTML page. Memory corruption typically occurs in a computer program due to programming errors, and corrupted memory contents can lead either to program crashes or unexpected behaviour in the affected application.

Reclaim Space on Your PC by Cleaning Your Browser

The first and second heap corruption vulnerabilities are denoted by CVE-2022-3885 and CVE-2022-3886, which represent security flaws in V8, the open-source JavaScript engine that powers Google Chrome and Chromium web browsers, and the Speech Recognition on Google Chrome, respectively.

The third security flaw has been recorded as CVE-2022-3887 and affects Web Workers, a feature allowing scripts to run in the background. Meanwhile, CVE-2022-3888 affects the WebCodecs API on Google Chrome.

Google has also mitigated the CVE-2022-3889 vulnerability in Chrome, which provides the browser's V8 engine with the wrong code, while CVE-2022-3890 can be used by remote attackers to escape the "sandbox" security measures used to isolate the browser from critical system components, using Crashpad.

Windows 10, Chrome to Allow Easy Switching of Default Browsers: Report

Meanwhile, the firm has credited and rewarded external security researchers who responsibly disclosed the vulnerabilities, allowing Google to patch them in time. The company has paid rewards of up to $21,000 (roughly Rs. 17,15,000) to the researchers who discovered them.

Apple Pay Said to Work on Chrome, Edge, and Firefox on Latest iOS 16 Beta

Are the Pixel 7 and 7 Pro the best in their segment? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.