Critical WebRTC and UI Flaws Patched
Google has issued an urgent security update for its Chrome browser, addressing 16 vulnerabilities that include two critical-severity flaws. The most serious vulnerability resides in WebRTC, a component used for real-time communication. This use-after-free memory corruption bug could allow an attacker to execute arbitrary code simply by getting a user to visit a maliciously crafted web page. The second critical flaw is an inappropriate implementation in the browser’s user interface layer, which could be exploited to bypass security restrictions or spoof browser elements.
High Severity and Medium Risk Fixes
The update also patches nine high-severity vulnerabilities affecting components such as GPU, QUIC, Service Worker, GFX, XR, and WebRTC. These flaws include use-after-free conditions, out-of-bounds reads, type confusion, and heap buffer overflows. An external researcher earned a total of $14,000 in bug bounties for responsibly disclosing two of the GPU-related issues. Additionally, five medium-severity problems were resolved, including an out-of-bounds read in the GPU component and a heap buffer overflow in Chromecast.
Immediate Patching Recommended
Google has restricted access to bug details until the stable channel rollout is complete, which reduces the immediate risk of broad exploitation. Users and administrators are urged to navigate to Chrome settings, check for updates, and apply the latest version immediately to prevent potential remote code execution attacks.
Source: Cyber Security News
