Google Chrome Security Update Fixes 'High Risk' Flaws

"Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems," reports ZDNet: There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws.

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them... Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which which acts as a proxy server that sit between web applications, the browser and the network in order to improve offline experiences, among other things.

Meh

[NoWayNoShapeNoForm]

Article would have been more interesting the flaws had been discovered by Micro$haft.

Android?

[dltaylor]

Probably more Android installs than desktops. Are there similar vulnerabilities? If so, when does Android get the fixes?

Re:

[johnsie]

Ublock origin got bought by advertisers

If its a Samsung?

[Viol8]

Probably in 6 months time if they can be bothered and only if your tablet is a few years old.

Re:

[ChunderDownunder]

Hmmm, what?

Chrome is updated via the Google Play app.

Last I checked, it even superimposed itself over the system Chromium webview.

Re:

[Viol8]

Chrome is part of the OS install in mine and can't be upgraded on its own.

Re:

[ChunderDownunder]

On my Android phone Chrome was updated on the 19th of July - the "OS" hasn't seen an update since March.

Software company...

[VeryFluffyBunny]

...updates software. What a scoop!

Fixed in version 103.0.5060.134

[I am Jack's username]

Fixed in version 103.0.5060.134