As a result, CISA issued a warning urging IT administrators and regular users to install the updates as soon as possible so that their systems are not left vulnerable to these bugs. Among the most serious vulnerabilities fixed in the Google Chrome update is CVE-2022-2477.
This is a vulnerability caused by an unpatched bug in Guest View that could allow a remote attacker to execute arbitrary code on systems or crash them. Use-after-free is a dynamic memory vulnerability in which an application frees a region of memory during operation but continues to use it, something an attacker can exploit.
Another of the vulnerabilities, CVE-2022-2480, is related to an unpatched bug in the Service Worker API, which acts as a proxy server that sits between web applications, browsers, and networks to provide offline experiences.
The specific functionality associated with this vulnerability has not been disclosed, but if exploited, it could lead to a memory corruption error, which could be used to crash systems or execute code — essentially allowing attackers to install malware or otherwise abuse the system.
It requires some sort of user interaction, but as with many of the vulnerabilities listed in this update, not all details have been released. According to Google, this is because they wait for users to apply the updates first, so they are protected from anyone trying to exploit them.

"Access to bug details and links may be restricted until most users are updated with the fix," the Chrome team said in an update. "We also want to thank all the security researchers who worked with us during the development cycle to prevent security bugs from making it to the stable channel," the team added.

CISA warned that the fixes address "vulnerabilities that an attacker could exploit to take control of the affected system" and that updates should be made available as soon as possible.