Google Chrome 106 point update fixes 6 security vulnerabilities
#1
Information 
Quote:Google released a new stable version of its Chrome web browser today. The new version of Chrome patches six different vulnerabilities in the web browser according to Google's release announcement on the official Chrome releases blog.

[Image: chrome-106-security-update-2.png]

Chrome 106.0.5249.119 is already available for the supported desktop systems Windows, Mac and Linux. Google notes that the Extended Stable channel has been updated to the same version for Windows and Mac as well.

Most Chrome installations are updated automatically thanks to the built-in updating system. The process may take days or even weeks according to Google.

Chrome users may load chrome://settings/help to display the current version of the browser and run a manual check for updates. The browser will download and install any update that it discovers automatically.

Chrome 106.0.5249.119

Google confirms on the Chrome Releases blog that it has fixed six different vulnerabilities in the update. All six security issues have a severity rating of high, the second-highest after critical.
 
Quote:[$15000][1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16

[$13000][1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26

[$7500][1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22

[$2500][1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13

[$TBD][1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17

[$TBD][1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30

None of the listed security issues appear to be exploited in the wild, as Google makes no mention of it in the announcement.

The new update is the third Chrome 106 point release already. The first point release addressed three security issues in Chrome; the second, released just last week, was a mysterious release, as Google made no mention of any fixes in the announcement. Together with Chrome 106, the four releases fixed a total of 29 different security issues in Chrome.

Chrome users should update the browser as soon as possible to protect it from attacks targeting the newly patched security issues.

Expect most Chromium-based browsers to push out point updates as well in the coming days and weeks to address security issues.

Now You: when do you update your browsers?


...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>