Google Patches Critical Vulnerability With Chrome 99 Update

A Chrome 99 update released by Google on Tuesday patches a critical vulnerability discovered by one of the company's own researchers.

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited with reporting the flaw.

Google doesn't typically assign a "critical severity" rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a critical issue. Two of the four critical vulnerabilities were discovered by Glazunov, who has also identified a high-severity bug that was patched this week.

The latest Chrome update includes 11 security fixes, including eight with a "high severity" rating. These flaws, which can typically allow a sandbox escape or remote code execution, are mostly use-after-free issues.

Google has paid out nearly $40,000 to the external researchers who reported the vulnerabilities patched with this Chrome update, but some rewards have yet to be determined.

The internet giant said recently that it paid out nearly $9 million in bug bounties last year, including roughly $3.1 million for Chrome vulnerabilities.

There has been a surge in Chrome vulnerabilities exploited in the wild, with 14 zero-days exploited in 2021, far more than any other popular web browser.

Google last week tried to explain this trend, naming several factors that have apparently contributed. The list includes more transparency regarding active exploitation, increased complexity of the browser, the need to chain multiple flaws for a useful exploit, and attackers increasingly targeting the browser itself following the demise of Flash, their former favorite target.

Related: Google Discovers Attack Exploiting Chrome Zero-Day Vulnerability

Related: Chrome 95 Update Patches Exploited Zero-Days, Flaws Disclosed at Tianfu Cup

Related: Google Paid Out Over $100,000 for Vulnerabilities Patched by Chrome 99

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia's security news reporter. Eduard holds a bachelor's degree in industrial informatics and a master's degree in computer techniques applied in electrical engineering.
