"Google Patches 14 Vulnerabilities With Release of Chrome 103"

Google recently released Chrome 103 to the stable channel with patches for 14 vulnerabilities, including nine reported by external researchers. The most severe vulnerability is CVE-2022-2156, which is described as a critical-severity use-after-free issue in Base. Use-after-free flaws are triggered when a program frees a memory allocation but does not clear the pointer to it afterward, and they can lead to arbitrary code execution, corruption of data, or denial of service. If combined with other security holes, use-after-free bugs can lead to complete system compromise. Researchers noted that they can often be exploited in Chrome to escape the browser's sandbox.

Google stated that Chrome 103 resolves three other use-after-free vulnerabilities found by external researchers, impacting components such as Interest groups (CVE-2022-2157, high severity), WebApp Provider (CVE-2022-2161, medium severity), and Cast UI and Toolbar (CVE-2022-2163, low severity). Google noted that the latest Chrome update also resolves an externally reported high-severity type confusion flaw in the V8 JavaScript and WebAssembly engine (CVE-2022-2158), along with four other medium- and low-severity issues.

 

SecurityWeek reports: "Google Patches 14 Vulnerabilities With Release of Chrome 103"

Submitted by Anonymous on