A Chrome 99 update released by Google on Tuesday patches a critical vulnerability discovered by one of the company’s own researchers.
The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw.
Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a critical issue. Two of the four critical vulnerabilities were discovered by Glazunov, who has also identified a high-severity bug that was patched this week.
The latest Chrome update includes 11 security fixes, including eight with a “high severity” rating. These flaws, which can typically allow a sandbox escape or remote code execution, are mostly use-after-free issues.
Google has paid out nearly $40,000 to the external researchers who reported the vulnerabilities patched with this Chrome update, but some rewards have yet to be determined.
The internet giant said recently that it paid out nearly $9 million in bug bounties last year, including roughly $3.1 million for Chrome vulnerabilities.
There has been a surge in Chrome vulnerabilities exploited in the wild, with 14 zero-days exploited in 2021, far more than any other popular web browser.
Google last week tried to explain this trend, naming several factors that have apparently contributed. The list includes more transparency regarding active exploitation, increased complexity of the browser, the need to chain multiple flaws for a useful exploit, and attackers increasingly targeting the browser itself following the demise of Flash, their former favorite target.