April 25, 2024

Google released Chrome 108, a last major feature update for 2022 with this cross-platform web browser.

Chrome 108 now officially supports Federated Credentials Management, which was previously referred to as WebID. The Federated Credentials Management “FedCM” was previously shipping as a dev/origin trial in prior releases but is now deemed ready to support.

There are several CSS additions this round including support for break-after, break-before, and break-inside. There is also support for using the CSS “overflow” property for replaced elements that paint outside of the content box. Chrome’s CSS support also now has support for sv* units, lv* units, dv* units and the logical vi/vb units.

Advertisements

Chrome 108 also now allows printing with LayoutNG rather than printing using the legacy engine, support for Media Source Extensions (MSE) within DedicatedWorker contexts, variable COLRv1 support, and wild-cards for permissions policy origins.

Chrome 108 also removes various deprecated developer features, adds some new developer items as developer/origin trials, and other fixes. Chrome 108 also adds an optional new “energy saver” mode that can be used for trying to conserve background activity and visual effects to save power.

High Severity Bugs

  • CVE-2022-4174: Type Confusion in V8.
  • CVE-2022-4175: Use after free in Camera Capture.
  • CVE-2022-4176: Out of bounds write in Lacros Graphics.
  • CVE-2022-4177: Use after free in Extensions.
  • CVE-2022-4178: Use after free in Mojo.
  • CVE-2022-4179: Use after free in Audio.
  • CVE-2022-4180: Use after free in Mojo.
  • CVE-2022-4181: Use after free in Forms.

Medium Severity Bugs

  • CVE-2022-4182: Inappropriate implementation in Fenced Frames.
  • CVE-2022-4183: Insufficient policy enforcement in Popup Blocker.
  • CVE-2022-4184: Insufficient policy enforcement in Autofill.
  • CVE-2022-4185: Inappropriate implementation in Navigation.
  • CVE-2022-4186: Insufficient validation of untrusted input in Downloads.
  • CVE-2022-4187: Insufficient policy enforcement in DevTools.
  • CVE-2022-4188: Insufficient validation of untrusted input in CORS.
  • CVE-2022-4189: Insufficient policy enforcement in DevTools.
  • CVE-2022-4190: Insufficient data validation in Directory.
  • CVE-2022-4191: Use after free in Sign-In.
  • CVE-2022-4192: Use after free in Live Caption.
  • CVE-2022-4193: Insufficient policy enforcement in File System API.
  • CVE-2022-4194: Use after free in Accessibility.
  • CVE-2022-4195: Insufficient policy enforcement in Safe Browsing.
Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

ArcaneDoor Exploits Cisco ASA and FTD

April 25, 2024

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading