Hive Pro | HIVEPRO:F0E08A7B0A92ED0929AD9DE27F33C527
History: Jan 06, 2022 - 4:36 a.m.

Google fixes multiple vulnerabilities in Chrome

2022-01-06 04:36:10
Hive Pro
www.hivepro.com

EPSS: 0.012 (Percentile: 85.3%)

THREAT LEVEL: Amber.

Google has updated Chrome to version 97, which addresses 37 security flaws. Google has classified ten of them as High and one as Critical, while the remaining thirteen have been classified as Medium or Low. These flaws pose a high risk to all Linux, macOS, and Windows users, who should update Chrome to version 97.0.4692.71.

This advisory addresses the following 24 Google-disclosed vulnerabilities. To avoid exploitation, the rest will be disclosed once most users have upgraded.

• CVE-2022-0096: Use after free in Storage.
• CVE-2022-0097: Inappropriate implementation in DevTools.
• CVE-2022-0098: Use after free in Screen Capture.
• CVE-2022-0099: Use after free in Sign-in.
• CVE-2022-0100: Heap buffer overflow in Media streams API.
• CVE-2022-0101: Heap buffer overflow in Bookmarks.
• CVE-2022-0102: Type Confusion in V8.
• CVE-2022-0103: Use after free in SwiftShader.
• CVE-2022-0104: Heap buffer overflow in ANGLE.
• CVE-2022-0105: Use after free in PDF.
• CVE-2022-0106: Use after free in Autofill.
• CVE-2022-0107: Use after free in File Manager API.
• CVE-2022-0108: Inappropriate implementation in Navigation.
• CVE-2022-0109: Inappropriate implementation in Autofill.
• CVE-2022-0110: Incorrect security UI in Autofill.
• CVE-2022-0111: Inappropriate implementation in Navigation.
• CVE-2022-0112: Incorrect security UI in Browser UI.
• CVE-2022-0113: Inappropriate implementation in Blink.
• CVE-2022-0114: Out of bounds memory access in Web Serial.
• CVE-2022-0115: Uninitialized Use in File API.
• CVE-2022-0116: Inappropriate implementation in Compositing.
• CVE-2022-0117: Policy bypass in Service Workers.
• CVE-2022-0118: Inappropriate implementation in WebShare.
• CVE-2022-0120: Inappropriate implementation in Passwords.
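
An added example, not part of the Hive Pro advisory: a Python check that flags hosts still below the fixed build 97.0.4692.71 in a software-inventory export. The `host,os,version` line format and the sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed build named in the advisory above.
FIXED_VERSION = "97.0.4692.71"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part Chrome version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(reported, fixed=FIXED_VERSION):
    """Return 'patched', 'vulnerable' or 'unknown' for one reported version string."""
    have, need = parse_version(reported), parse_version(fixed)
    if have is None:
        return "unknown"  # missing or unparseable: review manually, never assume patched
    # Tuple comparison is numeric per component, so 100.x sorts above 97.x and
    # 97.0.4692.9 sorts below 97.0.4692.71 (plain string comparison gets both wrong).
    return "patched" if have >= need else "vulnerable"


def audit(inventory_lines):
    """Map host -> status for 'host,os,version' lines (assumed export format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _os, reported = (line.split(",", 2) + ["", ""])[:3]
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hypothetical hosts, not data from the advisory).
SAMPLE_INVENTORY = [
    "# host,os,version",
    "ws-001,windows,Google Chrome 96.0.4664.110",
    "ws-002,linux,Google Chrome 97.0.4692.71",
    "ws-003,macos,97.0.4692.9",
    "ws-004,windows,100.0.4896.60",
    "ws-005,linux,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.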

Indicators of Compromise (IoCs)

Patch Links

<https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html>

References

<https://www.cisa.gov/uscert/ncas/current-activity/2022/01/05/google-releases-security-updates-chrome>

<https://www.forbes.com/sites/gordonkelly/2022/01/05/google-chrome-hack-warning-new-attacks-exploits-upgrade-chrome-now/?sh=467db05810b0>