Google Patches Vulnerabilities in Chrome 102
Google released patches for Chrome browser that resolves seven vulnerabilities, including four issues reported by external researchers.
Tracked as CVE-2022-2007, the first of these bugs is described as a use-after-free in WebGPU.
Use-after-free issues are triggered when a program doesn’t clear the pointer after freeing memory allocation, and can be exploited for arbitrary code execution, denial of service, or data corruption, potentially leading to system compromise.
Another use-after-free vulnerability addressed with this Chrome tracked as CVE-2022-2011, a flaw identified in ANGLE, Chrome’s graphics engine abstraction layer. The bug was reported by SeongHwan Park.
Another issue tracked as CVE-2022-2008, an out-of-bounds memory access in WebGL also resolved
The fourth vulnerability addressed with this browser update is CVE-2022-2010, an out-of-bounds read in compositing.
The latest Chrome iteration is now rolling out to Windows, Mac, and Linux users as version 102.0.5005.115. Exploitation details not provided by Google. Users are advised to update their browser