{"id":19487,"date":"2022-03-31T12:42:08","date_gmt":"2022-03-31T16:42:08","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/19487\/"},"modified":"2022-04-06T19:43:25","modified_gmt":"2022-04-06T15:43:25","slug":"chrome-ten-high-severity-vulnerabilities","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/19487\/","title":{"rendered":"10 high severity vulnerabilities in Google Chrome"},"content":{"rendered":"<div style=\"background-color: #e5f0ec; padding: 10px 25px; margin-bottom: 10px;\"><strong>Updated on April 6:<\/strong> One more high-severity vulnerability (CVE-2022-1232) <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/04\/stable-channel-update-for-desktop.html\" target=\"_blank\" rel=\"nofollow noopener\">was found<\/a> in Chrome by one of Google\u2019s own internal researchers on March 30; it was fixed several days later. This vulnerability is also related to Type Confusion in Chrome\u2019s V8 engine. As per usual, Google hasn\u2019t disclosed further details yet. That said, you should update your Chrome browser now \u2013 be it on Windows, Mac or Linux \u2013 to version 100.0.4896.75.<\/div>\n<p>Google has fixed 28 vulnerabilities by releasing <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/03\/stable-channel-update-for-desktop_29.html\" target=\"_blank\" rel=\"nofollow noopener\">update 100.0.4896.60<\/a> for its Chrome browser. At least 9 of them have a high severity rating \u2014 adding to CVE-2022-1096, another high severity vulnerability which Google patched with a <a href=\"https:\/\/chromereleases.googleblog.com\/2022\/03\/stable-channel-update-for-desktop_25.html?m=1\" target=\"_blank\" rel=\"nofollow noopener\">separate update<\/a> just a few days ago. So in total, the Chrome developers have released patches for 10 high severity vulnerabilities in less than a week. 
In other words, if you have not rebooted your computer for quite some time or have not restarted your browser recently, then it\u2019s time to update.<\/p>\n<h2>CVE-2022-1096 vulnerability<\/h2>\n<p>So far Google has not published details about any of the vulnerabilities \u2014 as per the company\u2019s security policy, access to a detailed description of the bugs remains restricted until the majority of active users update their browser. But it is already clear that it is the <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-1096\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-1096<\/a> vulnerability (the one that Google closed with a separate patch on Friday, March 25, just four days before the major update) that may cause real problems.<\/p>\n<p>CVE-2022-1096 belongs to the Type Confusion class, which means it is connected to an error in data type handling in the V8 engine. The vulnerability is pretty dangerous, judging by the fact that Google addressed this bug separately with an emergency patch. What\u2019s more, according to the patch release notes, Google was aware that an exploit for this vulnerability already existed on March 25. The next day, Microsoft <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-1096\" target=\"_blank\" rel=\"nofollow noopener\">fixed the same vulnerability<\/a> in its Chromium-based Edge browser. Summing up the available information, it is reasonable to assume that an exploit for the vulnerability not only exists, but is actively being used by attackers.<\/p>\n<h2>Another 28 new vulnerabilities<\/h2>\n<p>Of the 28 vulnerabilities that the latest update addresses, most (20) were discovered by independent researchers, and the remaining eight by Google\u2019s internal experts. 
Of the nine vulnerabilities with a high severity level, four (CVE-2022-1125, CVE-2022-1127, CVE-2022-1131, CVE-2022-1133) belong to the use-after-free class; three more (CVE-2022-1128, CVE-2022-1129, CVE-2022-1132) are related to inappropriate implementations in various components; another one (CVE-2022-1130) has to do with insufficient validation of untrusted input in WebOTP; and the remaining one (CVE-2022-1134), like the aforementioned CVE-2022-1096, is a Type Confusion problem in the V8 engine.<\/p>\n<h2>How to stay safe?<\/h2>\n<p>First, you need to update your browser to the latest version \u2014 at the time of this writing, it is 100.0.4896.60. If your version of Chrome is older, that means your browser has not been updated automatically and we recommend updating it manually using our <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-update-google-chrome\/43547\/\" target=\"_blank\" rel=\"noopener nofollow\">step-by-step instructions<\/a>. If you use Microsoft Edge, then don\u2019t forget to update it too \u2014 this is done in the same way as with Google Chrome.<\/p>\n<p>We also recommend that you follow the news and promptly update the most <a href=\"https:\/\/www.kaspersky.com\/blog\/5-things-that-you-must-update-asap\/39911\/\" target=\"_blank\" rel=\"noopener nofollow\">critical programs<\/a>, including security solutions, browsers, office suites and the operating system itself.<\/p>\n<p>In addition, we recommend using <a href=\"https:\/\/me-en.kaspersky.com\/premium?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">reliable security solutions<\/a> that can automatically detect and prevent attempts to exploit vulnerabilities, so you can protect yourself from attacks even before official patches are released.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\">\n","protected":false},"excerpt":{"rendered":"<p>The recent Google Chrome update patches 10 
high severity vulnerabilities and a dozen less critical bugs. Time to update your browser!<\/p>\n","protected":false},"author":2698,"featured_media":19488,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[1636,16,22,268],"class_list":{"0":"post-19487","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-browsers","9":"tag-chrome","10":"tag-google","11":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/19487\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/chrome-ten-high-severity-vulnerabilities\/24000\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/9838\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/26310\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/chrome-ten-high-severity-vulnerabilities\/24268\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/chrome-ten-high-severity-vulnerabilities\/27029\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/chrome-ten-high-severity-vulnerabilities\/26574\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/chrome-ten-high-severity-vulnerabilities\/33016\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/chrome-ten-high-severity-vulnerabilities\/10589\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/chrome-ten-high-severity-vulnerabilities\/44023\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/chrome-ten-high-severity-vulnerabilities\/18699\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/chrome-ten-high-severity-vulnerabilities\/19238\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.c
om\/chrome-ten-high-severity-vulnerabilities\/15890\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/chrome-ten-high-severity-vulnerabilities\/28426\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/chrome-ten-high-severity-vulnerabilities\/28185\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/chrome-ten-high-severity-vulnerabilities\/24914\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/chrome-ten-high-severity-vulnerabilities\/30349\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/chrome-ten-high-severity-vulnerabilities\/30117\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/chrome\/","name":"Chrome"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19487"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19487\/revisions"}],"predecessor-version":[{"id":19507,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19487\/revisions\/19507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19488"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19487"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}