Google has released security updates for ChromeOS 101.0.4951.59 and Chrome 101 (101.0.4951.61) for Android with fixes for multiple High risk vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
ChromeOS
The ChromeOS 101.0.4951.59 Stable Channel update (Platform version: 14588.98.0) is now available for most Chrome OS devices.
The update includes fixes for a ‘Heap Use-after-free’ and a ‘use after free in Chrome OS shell’ vulnerability, each rated High. To add, five other Medium severity issues were also patched.
No CVEs were provided in the advisory.
Chrome 101 for Android
The Chrome 101 (101.0.4951.61) for Android security update addressed 13 vulnerabilities, including the following eight High severity vulnerabilities:
- CVE-2022-1633: Use after free in Sharesheet.
- CVE-2022-1634: Use after free in Browser UI.
- CVE-2022-1635: Use after free in Permission Prompts.
- CVE-2022-1636: Use after free in Performance APIs.
- CVE-2022-1637: Inappropriate implementation in Web Contents.
- CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
- CVE-2022-1639: Use after free in ANGLE.
- CVE-2022-1640: Use after free in Sharing.
Moreover, none of these issues had known public exploits at the time of publication.