Advisory for Google Chrome Security Updates

NIC-CERT/2022-12/497
Date: 2022-12-02
CVE ID: Multiple
Severity: High

Advisory for Google Chrome Security Updates

Description:
Google has updated LTS channel to102.0.5005.189(Platform Version:14695.155.0) for most ChromeOS devices and updated Chrome 108 to the stable channel for Windows, Mac and Linux.

Security Issues Fixed:
Google update includes several security fixes in this release which includes vulnerabilities like Use after free in WebCodecs.

Affected Products, CVE IDs and Solution:

This update includes 29 security fixes. Below, we highlight fixes that were contributed by external researchers.

CVE IDs:

CVE Id		Description
CVE-2022-3038		Use after free in WebCodecs

	CVE-2022-4174		Type Confusion in V8.Heap buffer overflow in GPU
	CVE-2022-4175		Use after free in Camera Capture
	CVE-2022-4176		Out of bounds write in Lacros Graphics.
	CVE-2022-4177		Use after free in Extensions.
	CVE-2022-4178		Use after free in Mojo.
	CVE-2022-4179		Use after free in Audio
	CVE-2022-4180		Use after free in Mojo.
	CVE-2022-4181		Use after free in Forms.
	CVE-2022-4182		Inappropriate implementation in Fenced Frames.
	CVE-2022-4183		Insufficient policy enforcement in Popup Blocker.
	VE-2022-4184		Insufficient policy enforcement in Autofill.
	CVE-2022-4185		Inappropriate implementation in Navigation.
	CVE-2022-4186		Insufficient validation of untrusted input in Downloads
	CVE-2022-4187		Insufficient policy enforcement in DevTools.
	CVE-2022-4188		Insufficient validation of untrusted input in CORS.
	CVE-2022-4189		Insufficient policy enforcement in DevTools.
	CVE-2022-4190		Insufficient data validation in Directory.
	CVE-2022-4191		Use after free in Sign-In
	CVE-2022-4192		Use after free in Live Caption.
	CVE-2022-4193		Insufficient policy enforcement in File System API.
	CVE-2022-4194		Use after free in Accessibility

References:

https://chromereleases.googleblog.com/