- 304/2022
- High
Google has released an updated Chrome version (108.0.5359.124/.125) for Windows and (108.0.5359.124) for Mac and Linux to fix multiple vulnerabilities in its Chrome desktop web browser.
The severity of the addressed vulnerability could allow the remote attacker to bypass security restrictions by creating a specially crafted web page to execute arbitrary code on the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Code Execution (CVE-2022-4436):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
2. Google Chrome Code Execution (CVE-2022-4437):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access
Vulnerabilities
- CVE-2022-4436
- CVE-2022-4437
- CVE-2022-4438
- CVE-2022-4439
- CVE-2022-4440
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.