Advisory for Google Chrome Security Updates

NIC-CERT/2022-08/341
Date: 2022-08-03
CVE ID: Multiple
Severity: High

Advisory for Google Chrome Security Updates

Description:

Google has updated chrome toChrome 104 to the stable channel for Windows, Mac and Linux. Chrome 104 is also promoted to our new extended stable channel for Windows and Mac.

Security Issues Fixed:

Google update includes several security fixes in this release which includes vulnerabilities like Heap buffer overflow in PDF, Insufficient validation of untrusted input in Safe Browsing, use after free in Omnibox, Web UI, Extensions API.

Affected Products, CVE IDs and Solution:

This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers.

CVE IDs:

CVE Id	Description
CVE-2022-2603	Use after free in Omnibox
CVE-2022-2604	Use after free in Safe Browsing
CVE-2022-2605	Out of bounds read in Dawn
CVE-2022-2606	Use after free in Managed devices API
CVE-2022-2607	Use after free in Tab Strip
CVE-2022-2608	Use after free in Overview Mode
CVE-2022-2609	Use after free in Nearby Share
CVE-2022-2610	Insufficient policy enforcement in Background Fetch
CVE-2022-2611	Inappropriate implementation in Fullscreen API
CVE-2022-2612	Side-channel information leakage in Keyboard input
CVE-2022-2613	Use after free in Input
CVE-2022-2614	Use after free in Sign-In Flow
CVE-2022-2615	Insufficient policy enforcement in Cookies
CVE-2022-2616	Inappropriate implementation in Extensions API
CVE-2022-2617	Use after free in Extensions API
CVE-2022-2618	Insufficient validation of untrusted input in Internals
CVE-2022-2619	Insufficient validation of untrusted input in Settings
CVE-2022-2620	Use after free in WebUI
CVE-2022-2621	Use after free in Extensions
CVE-2022-2622	Insufficient validation of untrusted input in Safe Browsing
CVE-2022-2623	Use after free in Offline
CVE-2022-2624	Heap buffer overflow in PDF

References:

https://chromereleases.googleblog.com/