- 198/2022
- High
Google has released an updated Chrome version (105.0.5195.52/53/54) for Windows and (105.0.5195.52) for (Mac/Linux) to fix several vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system and bypass security.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service condition on the affected system by persuading the victim to visit a specially crafted webpage.
Sample of the addressed vulnerabilities:
1. Google Chrome Network Service Code Execution (CVE-2022-3038):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome WebSQL Code Execution (CVE-2022-3039):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-3038
- CVE-2022-3039
- CVE-2022-3040
- CVE-2022-3041
- CVE-2022-3042
- CVE-2022-3049
- CVE-2022-3050
- CVE-2022-3051
- CVE-2022-3052
- CVE-2022-3053
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.