Google has released a security update for its Google Chrome browser on Windows, Mac and Linux to fix ten security vulnerabilities, some of which could allow remote attackers to crash vulnerable systems.
Google has detailed some of the fixes in a Google Chrome release update – although the company is currently withholding full details about many of the issues until most users have applied the updates, which are due to roll out over the coming days and weeks.
In total, the latest Google Chrome update includes 10 security updates – which are also available for Google Chrome on mobile devices unless otherwise indicated. Six of the updates have been classified as ‘high severity’. That means the updates should be applied as soon as possible.
The vulnerabilities could potentially enable a remote attacker to exploit ‘heap corruption’ via a crafted HTML page. The corruption affects the ‘heap’, an area of pre-reserved computer memory that a program uses to store a variable amount of data.
Heap corruption occurs when a program damages the allocator's view of the heap, which can result in a memory fault severe enough to cause a crash.
CVE-2022-3885 is a heap corruption vulnerability in V8, the open-source JavaScript engine developed by the Chromium Project for Google Chrome and Chromium web browsers, while CVE-2022-3886 is a vulnerability in Speech Recognition in Google Chrome which can be exploited for the same effect.
CVE-2022-3887 is a vulnerability in Web Workers, which Google Chrome uses to run scripts in the background without interfering with the user interface. CVE-2022-3888 is a vulnerability in WebCodecs in Google Chrome, which is used to provide low-level access to media encoders and decoders.