Advisory for Google Chrome Security Updates

  • NIC-CERT/2022-12/497
  • Date: 2022-12-02
  • CVE ID: Multiple
  • Severity: High

Description:
Google has updated the LTS channel to 102.0.5005.189 (Platform Version: 14695.155.0) for most ChromeOS devices and has promoted Chrome 108 to the stable channel for Windows, Mac and Linux.

Security Issues Fixed:
This Google update includes several security fixes, covering vulnerabilities such as use after free in WebCodecs.

  1. Affected Products, CVE IDs and Solution:

This update includes 29 security fixes. Below, we highlight fixes that were contributed by external researchers.

  1. CVE IDs:

| CVE ID | Description |
|---|---|
| CVE-2022-3038 | Use after free in WebCodecs |
| CVE-2022-4174 | Type Confusion in V8. Heap buffer overflow in GPU |
| CVE-2022-4175 | Use after free in Camera Capture |
| CVE-2022-4176 | Out of bounds write in Lacros Graphics |
| CVE-2022-4177 | Use after free in Extensions |
| CVE-2022-4178 | Use after free in Mojo |
| CVE-2022-4179 | Use after free in Audio |
| CVE-2022-4180 | Use after free in Mojo |
| CVE-2022-4181 | Use after free in Forms |
| CVE-2022-4182 | Inappropriate implementation in Fenced Frames |
| CVE-2022-4183 | Insufficient policy enforcement in Popup Blocker |
| CVE-2022-4184 | Insufficient policy enforcement in Autofill |
| CVE-2022-4185 | Inappropriate implementation in Navigation |
| CVE-2022-4186 | Insufficient validation of untrusted input in Downloads |
| CVE-2022-4187 | Insufficient policy enforcement in DevTools |
| CVE-2022-4188 | Insufficient validation of untrusted input in CORS |
| CVE-2022-4189 | Insufficient policy enforcement in DevTools |
| CVE-2022-4190 | Insufficient data validation in Directory |
| CVE-2022-4191 | Use after free in Sign-In |
| CVE-2022-4192 | Use after free in Live Caption |
| CVE-2022-4193 | Insufficient policy enforcement in File System API |
| CVE-2022-4194 | Use after free in Accessibility |


  1. References:

https://chromereleases.googleblog.com/