Google Patches 20 Chrome Vulnerabilities, 4 High-Severity RCEs

September 29, 2022

Google has patched 4 high-severity Remote Code Execution vulnerabilities in Chrome.

The newly released Chrome version, 106.0.5249.61/62 for Windows and 106.0.5249.61 for Mac and Linux, addresses 20 vulnerabilities overall.

The RCE Vulnerabilities

  • CVE-2022-3304, High severity – Use-after-free vulnerability in CSS.
  • CVE-2022-3305, High severity – Use-after-free vulnerability in Survey.
  • CVE-2022-3306, High severity – Use-after-free vulnerability in Survey.
  • CVE-2022-3307, High severity – Use-after-free vulnerability in Media.

Successful exploitation of these vulnerabilities may lead to remote code execution and, potentially, full system compromise.

Affected Products

  • Chrome for Desktop prior to version 106.0.5249.61.
  • Since the vulnerabilities affect all unpatched Chromium-based browsers, new updates should be monitored in browsers such as Opera, Firefox, and Edge.

Mitigation

CYREBRO recommends updating browsers to the latest Chrome version, 106.0.5249.61 for Windows, Mac and Linux.
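
To find hosts that still need the update, reported version strings can be compared against the fixed build. The following is an added example, not part of the original advisory or any CYREBRO tooling; the inventory records, host names and the `classify` and `audit` helpers are constructed for illustration.

```python
import re

# Fixed build from the advisory above; applies to Chrome for Desktop only.
FIXED_CHROME = (106, 0, 5249, 61)

# Matches the four-part version in `--version` style output.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(product, version_text):
    """Return 'patched', 'vulnerable', 'vendor-check' or 'unparsed'."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    if product.strip().lower() != "google chrome":
        # Other browsers number their builds independently, so the
        # Chrome threshold cannot be applied to them.
        return "vendor-check"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "106.0.5249.100" below "106.0.5249.61".
    return "patched" if version >= FIXED_CHROME else "vulnerable"


# Constructed inventory records: (host, product, reported version string).
INVENTORY = [
    ("ws-01", "Google Chrome", "Google Chrome 105.0.5195.127"),
    ("ws-02", "Google Chrome", "Google Chrome 106.0.5249.61"),
    ("ws-03", "Google Chrome", "Google Chrome 106.0.5249.100 "),
    ("ws-04", "Google Chrome", "Google Chrome 106.0.5249.9"),
    ("ws-05", "Microsoft Edge", "Microsoft Edge 105.0.1343.53"),
    ("ws-06", "Google Chrome", "version unknown"),
]


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(product, text) for host, product, text in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vendor-check` need to be compared against that browser vendor's own fixed release rather than the Chrome build number.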

References: Google Chrome Advisory
