Google has confirmed multiple new vulnerabilities have been discovered in Chrome that impact the browser across all major platforms. Here’s everything you need to know to stay safe.
Google confirmed the vulnerabilities on its Chrome blog post, revealing 30 new security flaws have been discovered in Chrome, seven of which it says pose a ‘High’ threat level to users. They affect Chrome on Windows, macOS, Linux, and mobile.
As is standard practice in these circumstances, Google is currently restricting information about the vulnerabilities “until a majority of users are updated with a fix” and you should use this time wisely. Below are the seven high threat level exploits Google revealed:
- High – CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
- High – CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
- High – CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
- High – CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
- High – CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
- High – CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
- High – CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
Use After Free (UAF) attacks continue to be the best path for cracking Chrome. 11 of the 30 new Chrome vulnerabilities are via UAF (a memory exploit). This method of attack has now breached Chrome security over 65 times in 2022.