===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2022.13.06.0800
Google Chrome: CVSS (Max): None
13th June 2022
===========================================================================
Product: Google Chrome
Publisher: Google
Operating System: Windows
macOS
Linux variants
Resolution: Patch/Upgrade
CVE Names: CVE-2022-2011 CVE-2022-2010 CVE-2022-2008
CVE-2022-2007
Original Bulletin:
http://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
Comment: CVSS (Max): None available when published
- --------------------------BEGIN INCLUDED TEXT--------------------
Stable Channel Update for Desktop
Posted: 09 Jun 2022 11:44 AM PDT
The Stable channel has been updated to 102.0.5005.115 for Windows, Mac and
Linux which will roll out over the coming days/weeks.
A full list of changes in this build is available in the log. Interested in
switching release channels? Find out how here. If you find a new issue,
please let us know by filing a bug. The community help forum is also a
great place to reach out for help or learn about common issues.
Security Fixes and RewardsNote: Access to bug details and links may be kept
restricted until a majority of users are updated with a fix. We will also
retain restrictions if the bug exists in a third party library that other
projects similarly depend on, but havenâ\x{128}\x{153}t yet fixed.
This update includes 7 security fixes. Below, we highlight fixes that were
contributed by external researchers. Please see the Chrome Security Page
for more information.
[$10000][1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by
David Manouchehri on 2022-05-17[$TBD][1317673] High CVE-2022-2008: Out of
bounds memory access in WebGL. Reported by khangkito - Tran Van Khang
(VinCSS) on 2022-04-19[$NA][1325298] High CVE-2022-2010: Out of bounds read
in compositing. Reported by Mark Brand of Google Project Zero on
2022-05-13[$TBD][1330379] High CVE-2022-2011: Use after free in ANGLE.
Reported by SeongHwan Park (SeHwa) on 2022-05-31
We would also like to thank all security researchers that worked with us
during the development cycle to prevent security bugs from ever reaching
the stable channel.
As usual, our ongoing internal security work was responsible for a wide
range of fixes:[1333948] Various fixes from internal audits, fuzzing and
other initiatives
Many of our security bugs are detected using AddressSanitizer,
MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity,
libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a
new issue, please let us know by filing a bug. The community help forum is
also a great place to reach out for help or learn about common
issues.Prudhvikumar BommanaGoogle Chrome
- --------------------------END INCLUDED TEXT--------------------
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT