Google has released Long Term Support (LTS) 102 security update and Stable Channel update for Chrome OS devices to fix multiple High risk vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
Google rolled out its Long Term Support Channel Update (LTS-102) for ChromeOS to 102.0.5005.194 (Platform Version: 14695.173.0) for most ChromeOS devices.
The LTS-102 update addressed the following High severity vulnerabilities:
- CVE-2022-4437: Use after free in Mojo IPC
- CVE-2022-4436: Use after free in Blink Media (High)
- CVE-2022-42720: Linux kernel vulnerability advisory (High)
- CVE-2022-41674: Linux kernel vulnerability advisory (High)
- CVE-2022-42719: Linux kernel vulnerability advisory (High).
As noted in the advisory, there were no known active exploits in the wild for these vulnerabilities.
In addition, Google will be rolling out its Stable Channel Update in coming days to 108.0.5359.172 (Platform version: 15183.78.0) for ChromeOS / ChromeOS Flex. No CVEs were listed in the advisory.