"High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update"

Google recently announced a Chrome update that resolves eight vulnerabilities in the popular browser, including five reported by external researchers. All five of the externally reported security defects are use-after-free flaws, a type of memory safety bug that has been prevalent in Chrome in recent years and that Google has long battled to eliminate. According to Google, four of these issues are high-severity bugs, impacting components such as Blink Media, Mojo IPC, Blink Frames, and Aura. Google noted that these vulnerabilities have been assigned the CVE identifiers CVE-2022-4436 to CVE-2022-4439 and are accompanied by CVE-2022-4440, a medium-severity use-after-free. Google says it has paid $17,500 in bug bounties to the reporting researchers, but the final amount might be higher, as only four out of five rewards have been disclosed. The latest Chrome browser release is currently rolling out to Mac and Linux users as version 108.0.5359.124 and to Windows users as version 108.0.5359.124/.125. Google has not mentioned whether or not any of these vulnerabilities are being exploited in malicious attacks. To date, there have been nine documented Chrome zero-day flaws in 2022.

 

SecurityWeek reports: "High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update"

Submitted by Anonymous on