Google Quashes 5 High-Severity Bugs With Chrome 106 UpdateGoogle Quashes 5 High-Severity Bugs With Chrome 106 Update
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
September 28, 2022
Chrome is touting beefed-up security with the release of Chrome 106, which fixes 20 existing bugs, five of them high-severity.
Of the 20 total security fixes included, 16 were found by external researchers through Google's bug bounty program. A blog post from Google Chrome's Srinivas Sista listed the specific CVEs spotted by the bug bounty hunters, including five designated high-severity, which are as follows:
CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01
CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09
CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24
CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27
CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08
The biggest external researcher payout for far a bug that contributed to the latest Chrome 106 security update, according to Sista, was $9,000, the lowest was $1,000. Many payout amounts for other Chrome bug hunters are listed as "$TBD."
As usual, Google did not list any technical details of the bugs.
"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Sista wrote. "As usual, our ongoing internal security work was responsible for a wide range of fixes."
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Supply Chain Cyber Risk Management Whitepaper