Summary
CVEs: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459
CVSS: Unscored; high
Affected Product: Google Chrome versions prior to 98.0.4758.80
Google released a new stable channel release of the Chrome browser, version 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux, which addresses multiple vulnerabilities in prior releases of the browser. Altogether, the release addresses eight vulnerabilities Google classifies as high risk, 10 vulnerabilities it classifies as medium risk, and one vulnerability it classifies as low risk.
Google is currently unaware of any active exploitation of these vulnerabilities in the wild.
Analysis
Affected Versions
The vulnerabilities affect Chrome versions prior to 98.0.4758.80/81/82 for Windows, and 98.0.4758.80 for Mac and Linux.
Potential Impact
The most severe of these vulnerabilities could lead to the execution of arbitrary code on an affected machine in the context of the browser. This, in turn, could lead to attackers being able to view, modify, or delete data on an affected machine.
Recommendations
Google has released a new stable Chrome update to address these vulnerabilities.
Additionally, organizations should ensure users run Chrome as non-privileged users to reduce the impact of any successful attack.
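To confirm the update has reached every machine, the following added example (not part of the original advisory) triages an inventory of reported Chrome version strings against the fixed build 98.0.4758.80. The host names and version strings are constructed sample data, and the function names are hypothetical; versions are compared as integer tuples because plain string comparison mis-orders builds such as 98.0.4758.9 and 100.x.

```python
import re

# Fixed build named in this advisory; any lower version is affected.
FIXED = (98, 0, 4758, 80)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None if absent."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if below the fixed build, False if at or above, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    return version < FIXED  # tuple comparison is numeric, field by field


def triage(inventory):
    """Split (host, version_text) pairs into affected, patched and unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, text in inventory:
        verdict = is_affected(text)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version reports).
SAMPLE = [
    ("ws-001", "Google Chrome 97.0.4692.99"),
    ("ws-002", "Google Chrome 98.0.4758.80"),
    ("ws-003", "Google Chrome 98.0.4758.9"),    # below .80; a string sort puts it above
    ("ws-004", "98.0.4758.82"),
    ("ws-005", "Google Chrome 100.0.4896.60"),  # a string sort puts "100" below "98"
    ("ws-006", "not installed"),                # no version: needs manual follow-up
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

Hosts reported as unknown should be checked by hand rather than assumed patched.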
References
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html