Google has released Chrome 100.0.4896.60 for Windows, Mac and Linux with fixes for multiple High risk vulnerabilities. In addition, Google also issued security updates for Chrome for iOS, Chrome for Android and Chrome OS.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The latest Chrome 100 security update (100.0.4896.60) patched 28 vulnerabilities in all, to include 9 High severity vulnerabilities, each discovered by external researchers:
- CVE-2022-1125: Use after free in Portals.
- CVE-2022-1127: Use after free in QR Code Generator.
- CVE-2022-1128: Inappropriate implementation in Web Share API.
- CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
- CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
- CVE-2022-1131: Use after free in Cast UI.
- CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
- CVE-2022-1133: Use after free in WebRTC.
- CVE-2022-1134: Type Confusion in V8.
In addition, Google also addressed 10 Medium and 1 Low severity vulnerabilities also found by researchers.