Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.
Type confusion bugs can typically be exploited by luring the targeted user to a malicious website, and they allow the attacker to achieve arbitrary code execution in the renderer process.Plenty of Chrome sandbox escape vulnerabilities in the past few years, and Google typically awards significant bug bounties for these types of flaws.
The Internet search giant also patched a use-after-free bug in Printing (CVE-2021-30600) and another in Extensions API (CVE-2021-30601). The company paid $20,000 in bug bounties for each of these issues.
Google has yet to reveal the bounty amount for two other use-after-free vulnerabilities one in WebRTC (CVE-2021-30602) and another in ANGLE (CVE-2021-30604). In addition, a high-severity race condition in WebAudio (CVE-2021-30603) was reported by a Google researcher.
In 2021, Google patched more than half a dozen actively exploited zero-day vulnerabilities in Chrome, along with security flaws that could be exploited through malicious extensions, but also announced a series of overall security and privacy improvements in the browser.