Issued: Tuesday, 23 August, 2022 |
Last Revision: Tuesday, 23 August, 2022 |
Vendor: |
Product: |
Severity Level: |
Google has released Chrome version 104.0.5112.101 for Mac, Linux and 104.0.5112.102/101 for Windows. This update addresses 11 security flaws with one zero-day that is exploited in the wild. The exploited vulnerability is tracked as CVE-2022-2856.
With this release, a number of fixes and improvements have been made. On the successful exploitation of these vulnerabilities, attacker can execute arbitrary code, install programs, view, change, or delete data; or create new accounts with full user rights.
Nevertheless, these vulnerabilities may pose greater risks when combined with those of others, so Google Chrome is recommended to be updated to the latest version.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-2852 | Use after free in FedCM | n/a |
CVE-2022-2856 | Insufficient validation of untrusted input in Intents | n/a |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2022-2852 CVE-2022-2856 | Google Chrome versions prior to 104.0.5112.101 for Mac and Linux |
Google Chrome versions prior to 104.0.5112.102/101 for Windows |
Table 2: Vulnerable versions
Organizers are encouraged to apply the latest stable channel with necessary testing. This is applicable to Windows, Mac and Linux platform.