Advisory for Google Chrome Security Updates

  • NIC-CERT/2022-08/338
  • Date: 2022-08-01
  • CVE ID: Multiple
  • Severity: High

Description:
Google has released Long Term Support Channel Update for ChromeOS. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. LTS-96 has been updated in the LTS channel to 96.0.4664.215 (Platform Version: 14268.94.0) for most ChromeOS devices.

Security Issues Fixed:

Google update includes several security fixes in this release which includes vulnerabilities like Out of bounds read in compositing, Extension permission escalation.

Affected Products, CVE IDs and Solution:
This update includes following security fixes like Out of bounds read in compositing, permission escalation.

CVE IDs:

CVE Id

Description

CVE-2022-2010

Out of bounds read in compositing

CVE-2022-1488

Security: Extension permission escalation

CVE-2021-30560

CrOS: Vulnerability reported in dev-libs/libxslt

CVE-2022-29824

CrOS: Vulnerability reported in dev-libs/libxml2

References:

https://chromereleases.googleblog.com/