Latest Chrome Update Resolves Four High Risk Vulnerabilities | Digital Guardian

The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Latest Chrome Update Resolves Four High Risk Vulnerabilities

by Chris Brook on Tuesday June 14, 2022

Contact Us
Free Demo

Google has yet again updated Chrome to resolve multiple vulnerabilities in the browser, including four marked high severity.

It’s that time again.

If you haven’t already, it’s time to close out all of those accumulated tabs in your Chrome browser and click that update button. Users are being encouraged update the browser to fix as many as seven vulnerabilities, including some that an attacker could use to take over a system, recently uncovered in the browser.

Google released version 102.0.5005.115 of the browser for Windows, Mac, and Linux late last week to remedy the issues. The Cybersecurity and Infrastructure Agency, part of the Department of Homeland Security, warned about the vulnerabilities on Friday and encouraged users and administrators to apply the updates, as well.

The fixes include mitigating four bugs considered high in severity by Google's researchers. Details on the other three bugs weren't disclosed.

The bugs include a use after free vulnerability (CVE-2022-2007) in WebGPU - an API for GPU (Graphics Processing Unit) hardware, an out of bounds memory access vulnerability (CVE-20220-2008) in WebGL -  a graphics API for rendering interactive 2D and 3D graphics, an out of bounds read vulnerability in compositing (CVE-2022-2010) and a use after free vulnerability CVE-2022-2011) in Almost Native Graphics Layer Engine, or ANGLE, an open source graphics engine developed by Google.

While Google didn't provide much detail on how exactly the bugs could be used by attackers, the blog post, written by the Chrome team's Prudhvikumar Bommana, and the CISA advisory, which stresses the bugs could be exploited to take control of an affected system, should be enough to get users to update.

While Google Chrome is configured to automatically update for most people, users still need to trigger the update by either restarting Chrome or clicking into the browser’s settings and relaunching Chrome to finish the update.

Users can click Chrome -> About Google Chrome -> to see their browser’s current status.

Tags: Vulnerabilities

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.