Skip to content

Update Closes 79 Security Vulnerabilities in Google Chrome

(Image: heise medien). This week’s Chrome update fixes a total of 79 security vulnerabilities. Of these, 14 are classified as critical. Google released its weekly Chrome browser update on Wednesday. In the meantime, developers have patched the security vulnerabilities, of which a total of 79 posed a critical risk. In the release notes, Google [1] briefly notes the affected components and severity level of each vulnerability, as usual. Additional information is not available, but these vulnerabilities can typically be exploited by presenting modified or fake websites. Critical and high-risk vulnerabilities generally enable execution of malicious code, sandbox escapes, or access to sensitive/exploitable data. Only eight of the critical issues stem from use-after-free bugs, in which resources are accessed after being released, with undefined contents that frequently enable code smuggling. Beyond that, there are two integer overflows, one heap-based buffer overflow, insufficient validation of untrusted input, an object lifetime issue, and a race condition in the Payments component, which processes autofill and stores Google Pay together with associated credit card data. Google’s team classified a further 37 vulnerabilities as “high” and 28 as “medium”. Finally, Google states that none of them are being exploited in real-world attacks.

heise security News

Share on: