Chrome 106 Update Patches Several High-Severity Vulnerabilities
By Ionut Arghire on October 12, 2022
Google announced on Tuesday that the latest Chrome update patches six high-severity vulnerabilities, including four use-after-free bugs.
All of the newly resolved vulnerabilities were found by external researchers, and the internet giant has handed out $38,000 in bug bounty rewards to the reporters.
Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics library that serves as Chrome’s graphics engine.
Google says in its advisory that it has paid a $15,000 bug bounty reward to Nan Wang and Yong Liu of Qihoo 360 for reporting the issue last month.
Another $13,000, Google says, has been handed out to Kaijie Xu for reporting CVE-2022-3446, a heap buffer overflow in WebSQL.
Additionally, the internet giant paid $7,500 to Narendra Bhati of Suma Soft, who reported an inappropriate implementation in Custom Tabs (CVE-2022-3447), and $2,500 to a Kunlun Lab researcher who reported a use-after-free flaw in Permissions API (CVE-2022-3448).
Two other use-after-free vulnerabilities were resolved in Safe Browsing (CVE-2022-3449) and Peer Connection (CVE-2022-3450), but Google has yet to disclose the bug bounty amount.
Technical details on the addressed issues will not be released until the majority of Chrome users have installed the update.
The latest Chrome iteration is now rolling out to Windows, Mac, and Linux users as version 106.0.5249.119.
Google makes no mention of any of the newly addressed security defects being exploited in attacks.