Google Patches 6 RCEs in Chrome

November 9, 2022

Google has updated Chrome, patching 6 remote code execution vulnerabilities and 10 vulnerabilities overall.

The updated version is 107.0.5304.106/107 for Windows, and 107.0.5304.110 for Mac and Linux.

The RCE Vulnerabilities

  • CVE-2022-3885 (High Severity) – Use after free in V8.
  • CVE-2022-3886 (High Severity) – Use after free in Speech Recognition.
  • CVE-2022-3887 (High Severity) – Use after free in Web Workers.
  • CVE-2022-3888 (High Severity) – Use after free in WebCodecs.
  • CVE-2022-3889 (High Severity) – Type Confusion in V8.
  • CVE-2022-3890 (High Severity) – Heap buffer overflow in Crashpad.

Exploiting any of these vulnerabilities may lead to remote code execution on the target system.

Affected Products

  • Chrome for Windows prior to version 107.0.5304.106/107
  • Chrome for Mac and Linux prior to version 107.0.5304.110

Mitigation

CYREBRO recommends updating Chrome browsers to the latest version, 107.0.5304.106/107 for Windows, and 107.0.5304.110 for Mac and Linux.
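To check an endpoint inventory against the fixed builds listed above, the following added example (not from the original advisory or from Google) compares reported Chrome versions numerically per platform. The inventory rows and function names are constructed for illustration, and it assumes the lower Windows build (.106) is the minimum fixed version.

```python
# Added example: flag Chrome installs older than the fixed builds in this advisory.
import re

# Fixed builds from the advisory. Windows shipped as 107.0.5304.106/107;
# assumption: the lower build (.106) is treated as the minimum fixed version.
FIXED = {
    "windows": (107, 0, 5304, 106),
    "mac": (107, 0, 5304, 110),
    "linux": (107, 0, 5304, 110),
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    # Compare as integers: as strings, ".88" would sort above ".106".
    return tuple(int(part) for part in text.split("."))


def assess(platform, version_text):
    """Classify one install as 'patched', 'vulnerable' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed host as patched
    return "patched" if version >= fixed else "vulnerable"


def needs_action(inventory):
    """Return (host, status) for every host that is not confirmed patched."""
    return [(h, s) for h, p, v in inventory if (s := assess(p, v)) != "patched"]


# Constructed sample inventory: (hostname, platform, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "107.0.5304.107"),
    ("ws-002", "Windows", "107.0.5304.88"),
    ("mac-001", "Mac", "107.0.5304.110"),
    ("lin-001", "Linux", "106.0.5249.119"),
    ("lin-002", "Linux", "107.0.5304.106"),  # below the Mac/Linux fix (.110)
    ("ws-003", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts whose version cannot be parsed are returned as "unknown" so they are followed up rather than silently counted as patched.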

References: Google Advisory
