chrome-147-update-patches-over-150-vulnerabilities

Post Views: 6

Google Releases Chrome 148 Update Resolving 151 Vulnerabilities

The latest Chrome update patches a total of 151 vulnerabilities, including 22 critical-severity flaws, which could potentially allow attackers to execute remote code and escape the browser’s sandbox.

According to Google, three of these critical vulnerabilities were identified by external researchers, who received a combined reward of $86,000 for their discoveries.

Use-after-free Bugs Account for 64%

The majority of the critical vulnerabilities resolved in this update are use-after-free bugs, which can be exploited to gain unauthorized access to sensitive data.

Use-after-free bugs account for 64% of the high-severity vulnerabilities patched in this update.
Insufficient validation of untrusted input accounts for 21% of the high-severity vulnerabilities patched in this update.
Out-of-bounds issues account for 15% of the high-severity vulnerabilities patched in this update.

The Chrome team has emphasized the importance of addressing these types of vulnerabilities, citing the potential risks associated with them.

Update Rolling Out Now

The update is now rolling out as versions 148.0.7778.216/217 for Windows, 148.0.7778.215/216 for macOS, and 148.0.7778.215 for Linux.

US Government Warns of Newly Discovered Exploit in LiteSpeed cPanel Plugin

In related news, the US government has issued a warning about a newly discovered exploit in the LiteSpeed cPanel plugin, which allows attackers to bypass authentication and gain access to sensitive data.

This vulnerability was found in a recently released version of the plugin and has been dubbed “Zero-Day” because it was unknown until its public disclosure.