[German]Google has released updates to Google Chrome 98.0.4758.119 for Windows and Mac in the stable channel on March 1, 2022. There is also a new development branch for Chrome 99.0.4844.51 for desktop systems (Windows, Mac and Linux). The update closes 28 vulnerabilities. The Android browser has been updated to version 99.0.4844.48. Thanks to the reader for the tip. Here is a brief overview.
Advertising
Google Chrome 98.0.4758.119
Google blog has this post about the update to Chrome 98.0.4758.119 for Windows and Mac in the Extended Channel, but it doesn't give much. In the log you may find hints what has been fixed.
Google Chrome 99.0.4844.51
This is a new development branch of the browser for the Stable Channel. In this post there are some hints about what is new in this version. On the Google blog there is this post with the short description of the vulnerabilities closed in the Chrome browser for the desktop.
[$10000][1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21
[$7000][1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26
[$7000][1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09
[$7000][1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11
[$7000][1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28
[$7000][1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04
[$5000][1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27
[$5000][1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10
[$NA][1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21
[$15000][1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30
[$10000][1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12
[$7000][1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24
[$5000][1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum on 2021-07-20
[$3000][1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14
[$3000][1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15
[$2500][1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29
[$2000][1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25
[$1000][1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril on 2021-12-31
[$TBD][1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14
[$TBD][1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29
[$TBD][1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03
In addition, there are various fixes that Google found internally during audits. However, no details about the vulnerabilities will be published until the majority of users have switched over. The Chrome version for Windows, Mac and Linux will be rolled out to the systems via the automatic update function in the next few days. The latest build of the Chrome browser can also be downloaded here.
Advertising
too bad 98.0.4758.119 is not easily obtainable for casual PC users as google themselves have not provided an easy way to access to the "extended stable channel" versions
https://support.google.com/chrome/a/thread/131661877/how-can-you-download-the-extended-stable-channel-version-of-chrome