Chrome received fifth zero-day vulnerability update

Google repeatedly tells you to keep your software updated because there is a risk of cyber attacks due to a lapse in the previous software. Google also takes care of this and keeps updating its products on time, this week Google released a stable channel update for the Chrome browser which includes 11 security fixes. Specifically, one is for a zero-day vulnerability in Chrome that exists in the wild.

Chrome uses these intents to process user input. If Chrome doesn’t validate the input properly, an attacker can craft an input the browser doesn’t expect. This can result in arbitrary code execution.

Here you can check the descriptions of the 11 security vulnerabilities Google patched as well as the names of the groups that discovered them and their payouts:

  • [$NA][1349322] Critical CVE-2022-2852: Use after free in FedCM. As reported by Sergei Glazunov of Google Project Zero on 2022-08-02
  • [$7000][1337538] High CVE-2022-2854: Use after free in SwiftShader. As reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
  • [$7000][1345042] High CVE-2022-2855: Use after free in ANGLE. As reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
  • [$5000][1338135] High CVE-2022-2857: Use after free in Blink. As reported by Anonymous on 2022-06-21
  • [$5000][1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [$NA][1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. As reported by Sergei Glazunov of Google Project Zero on 2022-08-04
  • [$NA][1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. As reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
  • [$3000][1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. As reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
  • [$2000][1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. As reported by Axel Chong on 2022-07-18
  • [$TBD][1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. As reported by Rong Jian of VRI on 2022-07-21

If you like our news and you want to be the first to get notifications of the latest news, then follow us on Twitter and Facebook page and join our Telegram channel. Also, you can follow us on Google News for regular updates.

Leave a Comment