Google Chrome comes with "High Severity" bug fixes for Windows, Mac, Linux, and mobile devices.
- Ten security patches have been added to Google Chrome.
- The update resolves a number of memory corruption flaws.
- Google has listed six serious security holes in Chrome.
Google has released important security updates for Chrome on Windows, Mac, and Linux computers as well as smartphones. The upgrade fixes ten security flaws in the well-known browser. According to a Google alert, the upgraded Chrome browser will be released gradually over the next few days. The company advises users to upgrade their devices as soon as the update becomes available.
The company, however, is withholding full details of the issues until the bulk of users have upgraded to the most recent version. It will continue to withhold this information if it turns out that any third-party libraries used by other projects have comparable issues that haven't yet been fixed.
In its release notes, the search engine giant identifies six of the 10 patched security flaws as 'high severity' defects, so users are urged to install the updates as quickly as possible to protect their devices from exploitation.
Through a specially crafted HTML page, the vulnerabilities could allow a remote attacker to exploit 'heap corruption.' Programming errors frequently cause memory corruption in computer programmes, and corrupted memory contents can result in either programme crashes or unexpected behaviour in the affected application.
The first and second heap corruption vulnerabilities are CVE-2022-3885 and CVE-2022-3886. They are security weaknesses in V8, the open-source JavaScript engine that runs the Google Chrome and Chromium web browsers, and in the Speech Recognition component of Google Chrome, respectively.
The third security hole has been identified as CVE-2022-3887 and concerns Web Workers, a feature that enables scripts to execute in the background. Meanwhile, Google Chrome's WebCodecs API is impacted by CVE-2022-3888.
In addition, Google has patched CVE-2022-3889, a Chrome vulnerability which sends the incorrect code to the browser's V8 engine, while CVE-2022-3890 allows remote attackers to use Crashpad to bypass the 'sandbox' security mechanisms that separate the browser from essential system components.
The company has also acknowledged and compensated the outside security experts who responsibly reported the flaws, enabling Google to repair them in a timely manner. It has paid the researchers who found them rewards of up to $21,000 (approximately Rs. 17,15,000).