August 4, 2022

Google Patches 7 High-Severity Chrome Vulnerabilities

Google has released Chrome version 104.0.5112.79 (Mac/Linux) and 104.0.5112.79/80/81 (Windows), patching 27 vulnerabilities, including 7 High-Severity ‘use-after-free’ vulnerabilities which may lead to remote code execution (RCE).

The High-Severity Vulnerabilities

• CVE-2022-2603, High Severity – Use after free in Omnibox.
• CVE-2022-2604, High Severity – Use after free in Safe Browsing.
• CVE-2022-2605, High Severity – Out of bounds read in Dawn.
• CVE-2022-2606, High Severity – Use after free in Use after free in Managed devices API.
• CVE-2022-2607, High Severity – Use after free in Tab Strip.
• CVE-2022-2608, High Severity – Use after free in Overview Mode.
• CVE-2022-2609, High Severity – Use after free in Nearby Share.

Affected Products

These vulnerabilities affect all unpatched Chrome and Chromium based browsers.

Mitigation

CYREBRO recommends updating browsers to the latest Chrome version, 104.0.5112.79 for Mac/Linux and 104.0.5112.79/80/81 for Windows.

For the full patched vulnerabilities list, visit Chrome Releases.

References: Chrome Releases.