Google has released Chrome 97 security update (97.0.4692.71) for Windows, Mac and Linux with fixes for multiple vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The Chrome 97 security update patched 37 vulnerabilities in all, to include one Critical vulnerability and 10 High severity vulnerabilities, each discovered by external researchers:
- CVE-2022-0096: Use after free in Storage (Critical).
- CVE-2022-0097: Inappropriate implementation in DevTools (High).
- CVE-2022-0098: Use after free in Screen Capture (High).
- CVE-2022-0099: Use after free in Sign-in (High).
- CVE-2022-0100: Heap buffer overflow in Media streams API (High).
- CVE-2022-0101: Heap buffer overflow in Bookmarks (High).
- CVE-2022-0102: Type Confusion in V8 (High).
- CVE-2022-0103: Use after free in SwiftShader (High).
- CVE-2022-0104: Heap buffer overflow in ANGLE (High).
- CVE-2022-0105: Use after free in PDF (High).
- CVE-2022-0106: Use after free in Autofill (High).
None of these vulnerabilities had known exploits in the wild at the time of the original advisory post.
Finally, Google also released Chrome 97 (97.0.4664.104) for Android.
- Google releases Chrome 96 security update (96.0.4664.110) with fix for High risk zero-day exploited in the wild
- Microsoft December 2021 Security Updates includes fix for zero-day exploit used to spread Emotet malware
- Apples releases security updates for iOS 15.2, macOS Big Sur 11.6.2, macOS Monterey 12.1 and other products