This image has an empty alt attribute; its file name is Ncert-Advisory-Template-v2-2.jpg

On  March 29, 2022, Google released its 100th version of Chrome where major features have been introduced such as a new logo, security improvements, development features, and more. 

The Chrome 100 also fixes the 28 security vulnerabilities with nine being marked as ‘High’ severity. It can be recalled that on  March 25, Google has released version 99.0.4844.84 to fix a zero-day vulnerability tracked as CVE-2022-1096 that is being actively exploited in the wild.


A. List of Vulnerabilities

CVE-2022-1096HighType Confusion in V8.
CVE-2022-1125HighUse after free in Portals.
CVE-2022-1127HighUse after free in QR Code Generator.
CVE-2022-1128HighInappropriate implementation in Web Share API.
CVE-2022-1129HighInappropriate implementation in Full Screen Mode.
CVE-2022-1130HighInsufficient validation of untrusted input in WebOTP.
CVE-2022-1131HighUse after free in Cast UI.
CVE-2022-1132HighInappropriate implementation in Virtual Keyboard.
CVE-2022-1133HighUse after free in WebRTC.
CVE-2022-1134HighType Confusion in V8.
CVE-2022-1135MediumUse after free in the Shopping Cart.
CVE-2022-1136MediumUse after free in Tab Strip.
CVE-2022-1137MediumInappropriate implementation in Extensions.
CVE-2022-1138MediumInappropriate implementation in Web Cursor.
CVE-2022-1139MediumInappropriate implementation in Background Fetch API.
CVE-2022-1141MediumUse after free in File Manager.
CVE-2022-1142MediumHeap buffer overflow in WebUI.
CVE-2022-1143MediumHeap buffer overflow in WebUI.
CVE-2022-1144MediumUse after free in WebUI.
CVE-2022-1145MediumUse after free in Extensions.
CVE-2022-1146LowInappropriate implementation in Resource Timing.


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

  • Users and administrators are urged to update their Google Chrome version to the latest version.
  • Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
  • In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.