- 250/2022
- High
Google has released updated Chrome versions 107.0.5304.62 for Mac, 107.0.5304.68 for Linux, and 107.0.5304.62/63 for Windows to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system or cause a denial of service.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code by persuading the victim to visit a specially crafted webpage or cause a denial of service condition on the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome V8 code execution (CVE-2022-3652):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Vulkan buffer overflow (CVE-2022-3653):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-3652
- CVE-2022-3653
- CVE-2022-3654
- CVE-2022-3655
- CVE-2022-3656
- CVE-2022-3657
- CVE-2022-3658
- CVE-2022-3659
- CVE-2022-3660
- CVE-2022-3661
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
Google Chrome releases