In response to a critical use-after-free vulnerability and 36 more potential exploits, Google has released a series of updates to its Internet browser, Chrome. Barracuda MSP recommends that you update your browsers immediately to prevent cyber criminals from compromising and executing malicious code on your systems.
Technical Detail & Additional Information
WHAT IS THE THREAT?
Recently, a security researcher reported a critical use-after-free bug (CVE-2022-0096) in Google Chrome’s Storage component. Use-after-free vulnerabilities are notorious for allowing cyber criminals to exploit previously-freed memory to execute arbitrary code or corrupt valid data on impacted machines.
Google’s latest security update also address 10 High-severity vulnerabilities submitted by external security researchers. Following standard procedure, Google has restricted information about new exploits to give other projects and users time to update their libraries. However, Google has shared details about the following vulnerabilities and offers more details in their release blog here.
- High CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17
- High CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24
- High CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01
- High CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10
- High CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14
- High CVE-2022-0102: Type Confusion in V8 . Reported by Brendon Tiszka on 2021-10-14
- High CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21
- High CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25
- High CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28
- High CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
WHY IS IT NOTEWORTHY?
There are 2.65 billion Chrome users worldwide, exposing a large pool of potential victims to these attacks. Many people use Chrome for business as well as personal reasons, meaning it essential for both organizations and individuals to ensure they are secured against these vulnerabilities.
WHAT IS THE EXPOSURE OR RISK?
To check if you are secured, navigate to the three-dot menu in the top right corner of your Chrome browser and click on Help > About Google Chrome. If your Chrome version matches version 97.0.4692.71 or higher, you are safe. If not, you are vulnerable to these exploits.
WHAT ARE THE RECOMMENDATIONS?
To secure users against these threats, Google has released a critical Chrome update, version 97.0.4692.71. When you navigate to Help > About Google Chrome, Chrome may begin to auto-update to the most recent, secure version if it has not updated already.
After you update Chrome, be sure to restart the browser to finalize your update. Your browser will not be secure until it has restarted. Following an update and restart, your Chrome browser is prepared to protect you from these threats.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.