Google released a Chrome browser update this week that fixes a total of 13 vulnerabilities, including nine that were discovered by third-party researchers.
Seven of the externally disclosed security issues are use-after-free flaws, which could allow arbitrary code execution. CVE-2022-1633, a high-severity use-after-free in Sharesheet that was reported by Khalil Zhani, is the most serious of these problems based on severity ratings and currently listed bug rewards. An anonymous researcher disclosed CVE-2022-1635, a high-severity use-after-free in Permission Prompts that qualified for a 3,000 USD bug bounty reward.
CVE-2022-1636, a high-severity use-after-free in Performance APIs identified by Microsoft’s Seth Brenith, is not eligible for a reward, according to Google’s policy.
Read More: https://www.securityweek.com/chrome-101-update-patches-high-severity-vulnerabilities
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
