Chrome update fixes 37 security issues

Our cybersecurity team reports that Google has released the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated critical in severity and could be exploited to pass arbitrary code and gain control over the victim's system.

Tracked as CVE-2022-0096, the flaw relates to a use-after-free bug in the Storage component, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on a compromised machine.

For this reason, Netglobalis recommends that users and administrators take the following mitigation measures.

Critical severity

CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-11-30

High severity

CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-08-17

CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel on 2021-11-24

CVE-2022-0099: Use after free in Sign-in. Reported by Rox on 2021-09-01

CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-08-10

CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) on 2021-09-14

CVE-2022-0102: Type Confusion in V8. Reported by Brendon Tiszka on 2021-10-14

CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair on 2021-11-21

CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair on 2021-11-25

CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-11-28

CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10

Medium severity

CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) on 2021-09-10

CVE-2022-0108: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2021-09-10

CVE-2022-0109: Inappropriate implementation in Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2021-10-20

CVE-2022-0110: Incorrect security UI in Autofill. Reported by Alesandro Ortiz on 2021-08-06

CVE-2022-0111: Inappropriate implementation in Navigation. Reported by garygreen on 2021-08-1

CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita on 2021-10-04

CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-0

CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by Looben Yang on 2021-11-06

CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero on 2021-11-10

CVE-2022-0116: Inappropriate implementation in Compositing. Reported by Irvan Kurniawan (sourc7) on 2021-11-20

Low severity

CVE-2022-0117: Policy bypass in Service Workers. Reported by Dongsung Kim (@kid1ng) on 2020-08-13

CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2021-08-11

CVE-2022-0120: Inappropriate implementation in Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25

Mitigation

Update the Google Chrome browser to the latest version, 97.0.4692.7, as soon as possible.
