- 152/2022
- High
Google has released updated Chrome versions (103.0.5060.134) to fix several vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system.
The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code in the context of the affected applications by persuading the victim to visit a specially crafted webpage.
Samples of the addressed vulnerabilities:
- Google Chrome Service Worker API code execution (CVE-2022-2480):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
- Google Chrome PDF code execution (CVE-2022-2478):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-2477
- CVE-2022-2478
- CVE-2022-2479
- CVE-2022-2480
- CVE-2022-2481
- CVE-2022-24163
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.