Chrome 105 Update Patches High-Severity Vulnerabilities


Google on Wednesday announced the release of a Chrome 105 update that resolves 11 vulnerabilities, including seven high-severity bugs reported by external researchers.

Google on Wednesday announced the release of a Chrome 105 update that resolves 11 vulnerabilities, including seven high-severity bugs reported by external researchers.

First on the list of externally reported security issues is an out-of-bounds write in Chrome’s Storage component. Next, there are three use-after-free flaws in the PDF component, complemented by a fourth use-after-free in Frames.

The remaining two vulnerabilities are a heap buffer overflow in Internals and an insufficient validation of untrusted input in DevTools, the company explains in an advisory. The internet giant has issued CVE identifiers CVE-2022-3195 through CVE-2022-3201 for these bugs.

Google says it has handed out $18,000 in bug bounty rewards for three of the flaws. The final amount will likely be higher, as the company has yet to determine the amount to be paid for three other bugs.

The latest browser update is now rolling out to Mac and Linux users as Chrome 105.0.5195.125. Windows users will receive it as Chrome 105.0.5195.125/126/127.

Just as with many of the latest Chrome releases, memory safety issues represented the most common type of vulnerabilities addressed in the popular browser.

Google has been long working on ways to squash these bugs, and last year announced the adoption of the Rust compiler, to prevent memory errors from happening. More recently, the company detailed MiraclePtr, new technology meant to prevent the exploitation of use-after-free flaws.


By Ionut Arghire on Thu, 15 Sep 2022 12:49:49 +0000
Original link