Google has announced an update to their Chrome browser that fixes 37 security vulnerabilities for the first major update of 2022. 24 of these vulnerabilities were uncovered by external researchers, including the Google Project Zero initiative, while the other 13 were uncovered by Google as part of its ongoing internal security work.
Of the 24 vulnerabilities discovered by external researchers, one is rated as Critical, 20 are rated as either High or Medium, and three are rated as Low. The Critical vulnerability, tracked as CVE-2022-0096, is a use-after-free bug in the Storage component, which could lead to execution of malicious code on a vulnerable system. The other vulnerabilities include further use-after-free bugs in different components, heap buffer overflows, and type confusion.
Google has released Chrome version 97.0.4692.71 to address all of the vulnerabilities, across Windows, Mac, and Linux versions of the software.