Advisory for Google Chrome Security Updates

  • NIC-CERT/2022-08/341
  • Date: 2022-08-03
  • CVE ID: Multiple
  • Severity: High

Description:

Google has updated chrome toChrome 104 to the stable channel for Windows, Mac and Linux. Chrome 104 is also promoted to our new extended stable channel for Windows and Mac.

Security Issues Fixed:

Google update includes several security fixes in this release which includes vulnerabilities like Heap buffer overflow in PDF, Insufficient validation of untrusted input in Safe Browsing, use after free in Omnibox, Web UI, Extensions API.

Affected Products, CVE IDs and Solution:

This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers.

CVE IDs:

CVE Id

Description

CVE-2022-2603

Use after free in Omnibox

CVE-2022-2604

Use after free in Safe Browsing

CVE-2022-2605

Out of bounds read in Dawn

CVE-2022-2606

Use after free in Managed devices API

CVE-2022-2607

Use after free in Tab Strip

CVE-2022-2608

Use after free in Overview Mode

CVE-2022-2609

Use after free in Nearby Share

CVE-2022-2610

Insufficient policy enforcement in Background Fetch

CVE-2022-2611

Inappropriate implementation in Fullscreen API

CVE-2022-2612

Side-channel information leakage in Keyboard input

CVE-2022-2613

Use after free in Input

CVE-2022-2614

Use after free in Sign-In Flow

CVE-2022-2615

Insufficient policy enforcement in Cookies

CVE-2022-2616

Inappropriate implementation in Extensions API

CVE-2022-2617

Use after free in Extensions API

CVE-2022-2618

Insufficient validation of untrusted input in Internals

CVE-2022-2619

Insufficient validation of untrusted input in Settings

CVE-2022-2620

Use after free in WebUI

CVE-2022-2621

Use after free in Extensions

CVE-2022-2622

Insufficient validation of untrusted input in Safe Browsing

CVE-2022-2623

Use after free in Offline

CVE-2022-2624

Heap buffer overflow in PDF

References:

https://chromereleases.googleblog.com/