Google has now released its Chrome browser in the stable channel in version 105 for Windows, Mac, and Linux. According to the company, distribution has already begun. However, it will take a few days or weeks before all users are fully provided with the latest version. As always, many security holes have been closed in the new version. Don’t be surprised by the dollar figures in the list below, these show the rewards paid out by Google to people who not only reported the corresponding bug/vulnerability, but also contributed in part to fixing the problem.
- [$NA][1340253] Critical CVE-2022-3038: Use after release in network service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
- [$10000][1343348] CVE-2022-3039: use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
- [$9000][1341539] High CVE-2022-3040: Use after free layout. Posted by Anonymous on 2022-07-03
- [$7500][1345947] High CVE-2022-3041: use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
- [$5000][1338553] High CVE-2022-3042: Free to use in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
- [$3000][1336979] High CVE-2022-3043: Buffer overflow in screenshot. Posted by @ginggilBesel on 2022-06-16
- [$NA][1051198] High CVE-2022-3044: Improper implementation in site isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
- [$TBD][1339648] High CVE-2022-3045: Insufficient validation of untrusted inputs in V8. Reported by Ben Noordhuis on 2022-06-26
- [$TBD][1346245] High CVE-2022-3046: use after release in browser tag. Reported by VRI’s Rong Jian on 2022-07-21
- [$7000][1342586] Medium CVE-2022-3047: Insufficient policy enforcement in the Extensions API. Posted by Maurice Duration on 2022-07-07
- [$5000][1303308] Medium CVE-2022-3048: Improper implementation in Chrome OS lock screen. Reported by Andr.Ess on 2022-03-06
- [$3000][1316892] Medium CVE-2022-3049: Free to use in split screen. Posted by @ginggilBesel on 2022-04-17
- [$3000][1337132] Medium CVE-2022-3050: Buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
- [$2000][1345245] Medium CVE-2022-3051: Buffer overflow in Exosphere. Posted by @ginggilBesel on 2022-07-18
- [$2000][1346154] Medium CVE-2022-3052: buffer overflow in window manager. Reported by Khalil Zhani on 2022-07-21
- [$TBD][1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
- [$TBD][1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Posted by Kuilin Li on 2022-01-24
- [$TBD][1351969] Medium CVE-2022-3055: use after free in passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
- [$3000][1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Posted by Anonymous on 2022-05-26
- [$2000][1336904] Low CVE-2022-3057: Improper implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
- [$1000][1337676] Low CVE-2022-3058: use after free in login flow. Reported by raven at KunLun Lab on 2022-06-20
This article contains affiliate links, so we mark it as advertisement. By clicking on it, you will directly access the supplier. If you decide to make a purchase there, we will receive a small commission. Nothing changes in the price for you. Thank you for your support!
Tech1 year ago
