- 231/2022
- High
Google has released an updated Chrome version 106.0.5249.119 for Windows, Mac, and Linux to fix multiple vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system or cause a denial of service.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or bypass security restrictions by persuading the victim to visit a specially crafted webpage or cause a denial of service condition on the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Skia code execution (CVE-2022-3445):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome WebSQL buffer overflow (CVE-2022-3446):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-3445
- CVE-2022-3446
- CVE-2022-3447
- CVE-2022-3448
- CVE-2022-3449
- CVE-2022-3450
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.