Google has released a security update for its Chrome browser. The developers have closed seven vulnerabilities in the browser.
With Chrome 102.0.5005.115 for Windows, macOS and Linux, Google has released the first security update for Chrome 102. In the Chrome Release Blog, Prudhvikumar Bommana lists the four of the seven fixed vulnerabilities that were discovered by external researchers and reported to Google. There are no zero-day vulnerabilities among them.
Google classifies all four of these vulnerabilities (CVE-2022-2007, -2008, -2010, -2011) as high risk. These are two use-after-free vulnerabilities and two memory access violations in various browser components such as WebGPU, WebGL and ANGLE. Google has so far awarded one of the outside researchers a $10,000 bounty; for several of the vulnerabilities, the bounty amount has yet to be determined. As always, Google has not published any details about the vulnerabilities found internally. As a rule, Chrome updates itself automatically when a new version is available.
Other Chromium-based browsers
The manufacturers of other Chromium-based browsers are now called upon to follow suit with corresponding updates. So far, the Chromium versions in use have been a mixed bag. At least all of them have now arrived at Chromium 102 as a base.
Brave updated its browser to version 1.39.120 just the day before to fix some bugs. The developers also integrated a somewhat newer Chromium version (102.0.5005.99). However, the vulnerabilities closed by the recent Chrome update have not yet been fixed in Brave.
Although Microsoft updated its Edge browser almost simultaneously with Google, the latest Edge version 102.0.1245.39 is still based on Chromium 102.0.5005.63 from May 24th. With the update, Microsoft has fixed an Edge-specific vulnerability (CVE-2022-22021). Microsoft identifies it as a medium risk. It can allow injected code to break out of the browser sandbox. However, this requires the active assistance of a user, hence the relatively low risk rating by Microsoft – despite the relatively high CVSS score of 8.3.
With Vivaldi 5.3.2679.51, the manufacturer released the integrated mail client. Chromium 102.0.5005.108 serves as the browser base under the hood. A security update is also necessary here. The same applies to Opera, which, with its recent switch to version branch 88, is still based on Chromium 102.0.5005.61.
On June 21, Google plans to release Chrome 103 as scheduled.
Chromium-based browsers at a glance: