Google update for high-severity vulnerability in Chrome

THREAT LEVEL: Green.

For a detailed advisory, download the pdf file here

Google has released Chrome 98 as a stable channel for Windows, Mac, and Linux. This update addresses 19 security vulnerabilities. Eight of them are rated severity high, ten of them are medium and one of them is of severity low. This advisory highlights the high-impact vulnerabilities.

Five of the eight high-rated Chrome vulnerabilities are impacted by Use-After-Free (UAF) flaw. This is a vulnerability related to the incorrect use of dynamic memory during program operation. Successful exploitation of this issue may lead to data corruption, program crash or arbitrary code execution. In recent browser versions, a number of controls have been introduced that make exploitation of these use after free vulnerabilities much harder but despite this, they still seem to persist.

Another prominent attacks in this release are heap buffer overflow that affects the Chrome V8 engine. V8 is an open-source JavaScript engine that is used by Google Chrome and Chromium-based web browsers like Microsoft Edge, Opera, Amazon Silk, Brave, Yandex, and Vivaldi. Attackers may carry out this attack to gain access to information that is otherwise off-limits to them or to execute arbitrary code on the device.

Organizations should update to Chrome 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux to avoid exploitation.