Google has released updates for the Chrome browser that includes 32 security fixes, including one critical bug
The stable channel was 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux.
Google rates vulnerabilities as critical if they allow an attacker to run arbitrary code on the underlying platform with the user’s privileges in the normal course of browsing.
This update patches the critical vulnerability listed as CVE-2022-1853: Use after free in Indexed DB.
Use after free is a vulnerability due to incorrect use of dynamic memory during a program’s operation. If after freeing a memory location a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program.
IndexedDB is a low-level API for client-side storage of significant amounts of structured data, including files. This API uses indexes to enable high performance searches of this data. While Document Object Model (DOM) Storage is useful for storing smaller amounts of data, IndexedDB provides a solution for storing larger amounts of structured data.
Out of other 31 vulnerabilities, Google has rated 12 as High. Another 13 vulnerabilities were rated as Medium. Remaining 6 rated as low.
As usual Google didn’t disclosed much details about the vulnerability.