Google Chrome security update fixes 'high risk' flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has urged IT administrators and users to implement recent updates released by Google as soon as possible to avoid the risk of an attacker leveraging several flaws that were patched in the update. Google released security updates for the Chrome browser on Mac, Windows, and Linux devices. The vulnerabilities that were patched could allow for remote takeover. Google announced that the update patches 11 flaws in total, including five ranked as high-severity. One of the flaws patches is CVE-2022-2477, a vulnerability that could allow a remote attacker to execute arbitrary code. The flaw lies in the use-after-free function in Guest View.

Use-after-free is a vulnerability that occurs as the result of an incorrect implementation of dynamic memory. This means that during the operation of an application, a memory location is freed as an error. This can be exploited by remote attackers to take control of a device, Google says. Another vulnerability fixed in the update pertains to the Service Worker API, which acts as a proxy server between web applications, the browser, and the network. Users should implement the update as soon as possible.

Share this:

About OODA Analyst