Google released Chrome 107 to the stable channel this week, containing updates for 14 vulnerabilities, including high-severity problems disclosed by external researchers.
Externally, 10 security problems were reported: three of high severity, six of medium severity, and one of low severity. A remote attacker must deceive a victim into visiting a specially crafted webpage with a vulnerable browser in order to exploit these issues. If successful, the attacker might execute arbitrary code or cause a denial-of-service (DoS) issue on the vulnerable system. Google claims to have paid the reporting researcher USD 20,000 in cash.
According to the awarded bug bounty incentives, CVE-2022-3652 is the most serious of these externally disclosed security flaws.