{"id":19320,"date":"2022-06-13T07:10:08","date_gmt":"2022-06-13T15:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/06\/13\/news-13053\/"},"modified":"2022-06-13T07:10:08","modified_gmt":"2022-06-13T15:10:08","slug":"news-13053","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/06\/13\/news-13053\/","title":{"rendered":"Update Chrome now: Four high risk vulnerabilities found"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Mon, 13 Jun 2022 14:20:34 +0000<\/strong><\/p>\n<p>Users of Chrome have been advised to <a href=\"https:\/\/www.zdnet.com\/article\/time-to-update-google-patches-seven-chrome-browser-bugs-four-rated-high-risk\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">apply updates<\/a> as soon as possible related to seven security vulnerabilities. <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/06\/10\/google-releases-security-updates-chrome\" target=\"_blank\" rel=\"noreferrer noopener\">CISA has also warned<\/a> that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patches.<\/p>\n<p>Chrome 102.0.5005.115 is <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/06\/stable-channel-update-for-desktop.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">due to roll out<\/a> over the coming days\/weeks. This is for all users regardless of whether they use Windows, Linux, or Mac.<\/p>\n<h2>The vulnerabilities<\/h2>\n<p>Four of the seven issues have been rated as high risk.<\/p>\n<p><a href=\"https:\/\/www.cvedetails.com\/cve\/CVE-2007-2022\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-2007<\/a>: Use after free in WebGPU. This can allow manipulation of the memory layer of the browser, with the possibility of remote code execution as per <a href=\"https:\/\/blog.talosintelligence.com\/2020\/08\/vuln-spotlight-chrome-use-free-aug-2020.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">an older example<\/a>.<\/p>\n<p><a href=\"https:\/\/www.cvedetails.com\/cve\/CVE-2007-2008\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-2008<\/a>: Out of bounds memory access in WebGL.<\/p>\n<p><a href=\"https:\/\/www.cvedetails.com\/cve\/CVE-2007-2010\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-2010<\/a>: Out of bounds read in compositing. According to <a href=\"https:\/\/vuldb.com\/?id.201623\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reports<\/a>, the attack may be initiated remotely and no form of authentication is required for exploitation, but some form of user interaction is required.<\/p>\n<p><a href=\"https:\/\/www.cvedetails.com\/cve\/CVE-2007-2011\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2022-2011<\/a>: Use after free in ANGLE. <a href=\"https:\/\/en.wikipedia.org\/wiki\/ANGLE_(software)#:~:text=ANGLE%20(Almost%20Native%20Graphics%20Layer,limitations%20of%20OpenGL%20ES%20standard.\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Almost Native Graphics Layer Engine<\/a> (ANGLE) is an &#8220;open source, cross-platform graphics engine abstraction layer&#8221; which was developed by Google.<\/p>\n<h2>Next steps<\/h2>\n<p>More details likely won&#8217;t be forthcoming for a while yet, so it&#8217;s crucial to <a href=\"https:\/\/support.google.com\/chrome\/answer\/95414\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">apply updates<\/a> as soon as possible.<\/p>\n<p>In Chrome, click the&nbsp;<strong>More<\/strong>&nbsp;icon, then&nbsp;<strong>Help<\/strong>&nbsp;-&gt;&nbsp;<strong>About Google Chrome.<\/strong> From here, you&#8217;ll be able to see your current update status and apply the update as required.<\/p>\n<p>This should be all you need to do to keep the above security vulnerabilities at bay.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/06\/update-chrome-now-four-high-risk-vulnerabilities-found\/\">Update Chrome now: Four high risk vulnerabilities found<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/06\/update-chrome-now-four-high-risk-vulnerabilities-found\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Mon, 13 Jun 2022 14:20:34 +0000<\/strong><\/p>\n<p>We take a look at the latest batch of vulnerabilities in Chrome requiring an update.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/exploits-and-vulnerabilities\/2022\/06\/update-chrome-now-four-high-risk-vulnerabilities-found\/\">Update Chrome now: Four high risk vulnerabilities found<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10699,11810,11638,22783,1670,11304,10467],"class_list":["post-19320","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-chrome","tag-cve","tag-exploit","tag-exploits-and-vulnerabilities","tag-google","tag-update","tag-vulnerability"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19320"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19320\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19320"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}