Chrome 104.0.5112.101/102 fixes 11 vulnerabilities

Chrome[German]Google has released the update of Google Chrome 104.0.5112.101 for Linux and macOS and 104.0.5112.102 for Windows on the desktop in the stable channel on August 16, 2022. The security update closes numerous vulnerabilities.


Advertising

Google Chrome 104.0.5112.101/102

The relevant entry for Chrome 104.0.5112.x in the Stable Channel can be found on the Google blog. This update fixes 11 vulnerabilities, with Google only documenting the vulnerabilities listed below. 

  • [$NA][1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02
  • [$7000][1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18
  • [$7000][1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16
  • [$5000][1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21
  • [$5000][1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05
  • [$NA][1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04
  • [$NA][1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19
  • [$3000][1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22
  • [$2000][1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18
  • [$TBD][1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21

Other bugs have been uncovered and fixed by internal testing. However, Google does not give any further explanations about what is going on. The Chrome version for Windows will be rolled out to systems via the automatic update feature in the next few days. One can also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here. (via)


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in browser, Security, Update and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *