As of the time of writing, no exploits that exist in the wild were mentioned in the official update notes from Google.
______________________________
A. Highlighted Vulnerabilities Contributed By External Researchers
| CVE-2022-2477 | High | Use after free in Guest View |
| CVE-2022-2478 | High | Use after free in PDF |
| CVE-2022-2479 | High | Insufficient validation of untrusted input in File |
| CVE-2022-2480 | High | Use after free in Service Worker API |
| CVE-2022-2481 | High | Use after free in Views |
| CVE-2022-2163 | Low | Use after free in Cast UI and Toolbar |
______________________________
B. Actions to be Taken
- CERT-PH encourages all Google Chrome users/administrators to review and apply the updates to mitigate future threats.
- To manually check for an update, you may do the following steps:
- Go to Chrome Settings > Help > About Google Chrome
- To manually check for an update, you may do the following steps:
- Regularly check and apply the latest patch of software, especially to public-facing applications.
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.
- For additional information, kindly refer to the official advisory:
- <https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html?m=1>