December 1, 2023

Google releases patches for Chrome that resolve eight vulnerabilities, including five reported by external researchers.

All five security defects are use-after-free flaws, a type of memory safety bug. Four of these issues are high-severity bugs, impacting components such as Blink Media, Mojo IPC, Blink Frames, and Aura.

The vulnerabilities have been tracked as CVE-2022-4436 to CVE-2022-4439 and a medium severity vulnerability tracked as CVE-2022-4440.

The latest update currently rolling out to Mac and Linux users as version 108.0.5359.124, and to Windows users as version 108.0.5359.124/.125.

Google makes no mention of any of these vulnerabilities being exploited in malicious attacks.

Use-after-free issues exist because, after freeing a memory location, an application might not clear the pointer to that location. An attacker in a position to exploit a use-after-free vulnerability may be able to crash the application, corrupt data, or execute arbitrary code on the machine.

Leave a Reply

%d bloggers like this: