1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Several dangerous Google Chrome security flaws have been fixed, s

    From TechnologyDaily@1337:1/100 to All on Tue Jun 14 15:30:04 2022
    Several dangerous Google Chrome security flaws have been fixed, so patch now

    Date:
    Tue, 14 Jun 2022 14:09:59 +0000

    Description:
    Flaws could have allowed hackers to take over the target device using Google Chrome.

    FULL STORY ======================================================================

    The latest Google Chrome update patches multiple high-severity
    vulnerabilities in the browser , the company has revealed.

    In total, Google fixed seven vulnerabilities, including four labeled as high-severity: CVE-2022-2007 (Use-After-Free (UAF) vulnerability in WebGPU), CVE-2022-2008 (out-of-bounds memory access vulnerability in WebGL), CVE-2022-2010 (out-of-bounds read vulnerability in Chrome's compositing component), and CVE-2022-2011 (UAF vulnerability in ANGLE).

    Google is keeping quiet on how threat actors might leverage these vulnerabilities until the majority of users patch up, so details are relatively scarce. Still, the U.S. Cybersecurity & Infrastructure Agency (CISA) published a short advisory following the release of the patch, urging users to patch up their endpoints immediately, as the flaws could be abused
    to take control of an affected system.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99.

    Version 102.0.5005.115 was officially released on Thursday, June 9, for Windows, Mac, and Linux, with the update set to roll out automatically to all users over the coming weeks. Bounty hunters

    "Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," Google said.

    CVE-2022-2010 was uncovered by Google's Project Zero research team, ZDNet finds, while the others were discovered by independent security researchers. According to the publication, CVE-2022-2007 has earned security researcher David Manouchehri a $10,000 reward, while the names of the people who discovered CVE-2022-2008 and CVE-2022-2011 have not yet been published. Read more

    This Google Chrome update could end annoying pop-ups for good


    Google Chrome users urged to update immediately or risk attack


    Google releases yet another emergency Chrome security update

    "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," said Google.

    Chrome is currently the worlds number one browser, with more than 2.6 billion users worldwide.

    Via: ZDNet



    ======================================================================
    Link to news story: https://www.techradar.com/news/several-dangerous-google-chrome-security-flaws- have-been-fixed-so-patch-now/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)