Google has revealed the stable channel release of Chrome 106, which includes patches for 20 vulnerabilities, including 16 that were discovered by outside researchers.
Five security bugs that were reported from the outside are classified as having “high” severity, eight as having “medium” severity, and three as having “low” severity. Use-after-free flaws make up half of these vulnerabilities and can result in data corruption, arbitrary code execution, and denial of service. The flaws could be used in conjunction with other vulnerabilities to compromise the entire system. Use-after-free flaws in Chrome are frequently exploited for sandbox escapes.
Four of the five high-severity issues that Chrome 106 fixes are use-after-free flaws affecting the CSS, Survey, and Media components of three different browsers.