Massive Patch Round Addresses Graphics and Networking Flaws
Google has released a major security update for its Chrome browser, patching a total of 151 vulnerabilities across Windows, macOS, and Linux. The update, which brings the browser to version 148, includes fixes for 22 critical-severity flaws that could allow attackers to execute remote code or escape the browser’s sandbox. The critical vulnerabilities were found in core components including the GPU process, networking stack, graphics libraries such as Skia and WebGL, and the Dawn rendering engine. Google’s internal security teams identified most of the critical bugs, though several were reported by external researchers who received bounties of up to 43,000 dollars.
Staggered Disclosure and Infrastructure Improvements
The company is rolling out the update gradually over the coming days and weeks, and is restricting detailed information about the bugs until most users have received the patch. This staggered disclosure approach is designed to reduce the chance that attackers will develop exploits for unpatched systems. Google noted that many vulnerabilities were caught during development using automated tools like sanitizers, fuzzers, and control-flow integrity checks. In addition to the critical fixes, the update addresses dozens of high-severity flaws in areas such as DOM, accessibility, site isolation, WebCodecs, PDF rendering, WebRTC, password management, and media components, with problems ranging from use-after-free conditions to heap buffer overflows and integer overflows.
Source: Cyber Security News

