Google fixes a critical and several high severity vulnerabilities in its Chrome 104.0.5112.102/101 Stable Channel update
Hello everyone,
Chrome Stable Channel has been updated to 104.0.5112.102/101 for Windows, 104.0.5112.101 for Mac, and Linux. This update comes with 11 security fixes. The details of the vulnerabilities fixed are mentioned below:
CVE ID | Vulnerability | Severity |
CVE-2022-2852 | Use after free in FedCM | Critical |
CVE-2022-2854 | Use after free in SwiftShader | High |
CVE-2022-2855 | Use after free in ANGLE | High |
CVE-2022-2857 | Use after free in Blink | High |
CVE-2022-2858 | Use after free in Sign-In Flow | High |
CVE-2022-2853 | Heap buffer overflow in Downloads | High |
CVE-2022-2856 | Insufficient validation of untrusted input in Intents | High |
CVE-2022-2859 | Use after free in Chrome OS Shell | Medium |
CVE-2022-2860 | Insufficient policy enforcement in Cookies | Medium |
CVE-2022-2861 | Inappropriate implementation in Extensions API | Medium |
As per the Chrome Releases blog, "Google is aware that an exploit for CVE-2022-2856 exists in the wild."
To install this update on your Windows / Mac machines, initiate a sync between the Central Patch Repository and the Endpoint Central / Patch Manager Plus / Vulnerability Manager Plus server. Once the sync is complete, search for the following Patch IDs or Bulletin ID and deploy them to your target systems.
Patch ID | Bulletin ID | Patch Description |
326142 | TU-017 | Google Chrome (x64) (104.0.5112.102) |
326141 | TU-017 | Google Chrome (104.0.5112.102) |
| 604072 | MAC-012 | Google Chrome for Mac (104.0.5112.101) |
Cheers,
The ManageEngine Team