Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker to take control of systems. 

There are 11 fixes in total, including five that are classed as high-severity. As a result, CISA has issued an alert encouraging IT administrators and regular users to install the updates as soon as possible to ensure their systems are not vulnerable to the flaws. 

Security

• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone
• The best VPN services: How do the top 5 compare?
• How to find out if you are involved in a data breach -- and what to do next

Among the most severe vulnerabilities that are patched by the Google Chrome update is CVE-2022-2477, a vulnerability caused by a use-after-free flaw in Guest View, which could allow a remote attacker to execute arbitrary code on systems or crash them. 

SEE: What, exactly, is cybersecurity? And why does it matter?

Use-after-free is a vulnerability as a result of the incorrect use of dynamic memory during the operation of an application, freeing a memory location in error -something that an attacker can exploit. 

Another of the vulnerabilities, CVE-2022-2480, relates to a use-after-free flaw in the Service Worker API, which which acts as a proxy server that sit between web applications, the browser and the network in order to improve offline experiences, among other things. 

The specific functionality that this vulnerability relates to has yet to be disclosed, but it can lead to a memory corruption flaw if abused, which can be used to crash systems or execute code -essentially allowing attackers to install malware or otherwise abuse the system.  

It requires some sort of user interaction but, as with many of the vulnerabilities disclosed in this update, the full details are yet to be made public. According to Google, this is because they're waiting for users to apply the updates first, so they're protected from anybody trying to exploit them. 

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," the Chrome team said in the update. 

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," they added. 

CISA warns that the fixes relate to "vulnerabilities that an attacker could exploit to take control of an affected system" and that the updates should be applied as soon as possible. 

MORE ON CYBERSECURITY

• Flaws in a popular GPS tracker could allow hackers to track or stop vehicles, say security researchers
• Google Cloud: When it comes to cyber risks, we're all in it together
• These are the cybersecurity threats of tomorrow that you should be thinking about today
• Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk
• CISA warning: Hackers are exploiting these 36 "significant" cybersecurity vulnerabilities - so patch now