
Google Chrome security update fixes 'high risk' flaws

Google releases 11 fixes for Chrome - and CISA says users should apply them.
Written by Danny Palmer, Senior Writer on

Google has released security updates for the Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems.

There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws. 

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them. 


Use-after-free is a vulnerability that results from the incorrect use of dynamic memory during the operation of an application: the program continues to use a memory location after it has been freed, something that an attacker can exploit.
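To make the bug class concrete, here is an added example (not code from this article, from Google or from Chrome) showing the dangling-reference pattern behind use-after-free and one common mitigation, generation-checked handles. All names (`guest_t`, `guest_create`, `guest_get`, `guest_destroy`) are hypothetical, and this is not a description of how the Chrome flaws were fixed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical object table: callers hold handles, never raw pointers. */
typedef struct { char name[16]; } guest_t;
typedef struct { guest_t *obj; uint32_t gen; } slot_t;
typedef struct { uint32_t index; uint32_t gen; } handle_t;
#define SLOTS 4
static slot_t table[SLOTS];

/* Allocate an object; the handle records the slot's current generation. */
handle_t guest_create(const char *name) {
    handle_t h = { SLOTS, 0 };              /* index == SLOTS means invalid */
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].obj != NULL) continue;
        guest_t *g = calloc(1, sizeof *g);
        if (!g) return h;
        strncpy(g->name, name, sizeof g->name - 1);
        table[i].obj = g;
        h.index = i; h.gen = table[i].gen;
        return h;
    }
    return h;
}

/* Resolve a handle; a stale handle yields NULL, not a dangling pointer. */
guest_t *guest_get(handle_t h) {
    if (h.index >= SLOTS || table[h.index].gen != h.gen) return NULL;
    return table[h.index].obj;
}

/* Free once, clear the slot, bump the generation to invalidate old handles. */
void guest_destroy(handle_t h) {
    guest_t *g = guest_get(h);
    if (!g) return;                         /* stale handle: no double free */
    free(g);
    table[h.index].obj = NULL;
    table[h.index].gen++;
}

int main(void) {
    handle_t h = guest_create("tab-1");     /* constructed sample data */
    guest_destroy(h);                       /* a raw pointer kept past here would dangle */
    handle_t h2 = guest_create("tab-2");    /* reuses the same slot */
    printf("stale: %s, live: %s\n",
           guest_get(h) ? "resolved" : "rejected", guest_get(h2)->name);
    guest_destroy(h2);
    return 0;
}
```

With raw pointers, the reference held across the free would alias whatever object is allocated into the same memory next; here the stale handle is rejected even though the slot has been reused.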

Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which acts as a proxy server that sits between web applications, the browser and the network in order to improve offline experiences, among other things.

The specific functionality that this vulnerability relates to has yet to be disclosed, but it can lead to a memory corruption flaw if abused, which can be used to crash systems or execute code – essentially allowing attackers to install malware or otherwise abuse the system.  

It requires some sort of user interaction but, as with many of the vulnerabilities disclosed in this update, the full details are yet to be made public. According to Google, this is because they're waiting for users to apply the updates first, so they're protected from anybody trying to exploit them. 

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the Chrome team said in the update. 

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," they added. 

CISA warns that the fixes relate to "vulnerabilities that an attacker could exploit to take control of an affected system" and that the updates should be applied as soon as possible. 
