Cybersecurity Google Sees Double As Chrome Security Update 2 Arrives For Windows, Mac & Linux Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to improve your content experience. Got it! Jul 20, 2022, 03:26am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin Google has just confirmed the second clutch of security updates for the Chrome browser in July.
Version 103. 0. 5060.
134 for all Windows, Mac, and Linux users will become available in the coming days . While this update will roll out automatically, users who don’t restart their browser regularly are advised to check manually and force the security patch activation. Update your Google Chrome browser ASAP Davey Winder In total, this update to Chrome 103.
0. 5060. 134 fixes 11 security issues.
Five of these were discovered by internal security audits and ‘fuzzing’ which is an automatic process looking for exceptions when providing unexpected or random inputs. The remaining six issues are vulnerabilities uncovered by security researchers. Unlike the first Chrome update this month, none are zero days where attackers are known to be already exploiting them in the wild.
It would also appear that there are no security fixes in the Android Chrome update announced at the same time. Check the version number to ensure Google Chrome is secure Davey Winder Five of the six vulnerabilities are rated as high impact, with the sixth being a low impact issue. In total, $33,500 in bug bounties was awarded to the researchers who disclosed the vulnerabilities.
Some $23,000 of this went to just two researchers, one of which, surprisingly, was for that low-impact vulnerability. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features MORE FROM FORBES New 0Day Hack Attack Alert Issued For All Windows Users By Davey Winder As usual, there is little detailed information available currently. Google sensibly withholds this until such a time as a majority of the userbase has had the opportunity to update.
Here’s what we do know: $16,000 was awarded to an anonymous researcher for a high-rated use after free vulnerability CVE-2022-2477 in guest view. $7,500] was awarded to ‘triplepwns’ for a high-rated use after free vulnerability CVE-2022-2478 in PDF. $3,000 was awarded to an anonymous researcher for a high-rated vulnerability CVE-2022-2479 involving insufficient validation of untrusted input in files Two further high-rated vulnerabilities, CVE-2022-2480 and CVE-2022-2481, from Sergei Glazunov (a member of the Google Project Zero team) and YoungJoo Lee respectively, have yet to have any bounty awarded.
The first is a use after free in the service worker API and the second a use after free in views. $7,000 was awarded to Chaoyuan Peng for the low-rated use after free vulnerability CVE-2022-2163 in cast user interface and toolbar. MORE FROM FORBES Inside The Russian Cybergang Thought To Be Attacking Ukraine-The Trickbot Leaks By Davey Winder Follow me on Twitter or LinkedIn .
Check out my website or some of my other work here . Davey Winder Editorial Standards Print Reprints & Permissions.
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/07/20/google-sees-double-as-chrome-security-update-2-arrives-for-windows-mac–linux/
