Google has released Chrome 97 security update (97.0.4692.99) for Windows, Mac and Linux with fixes for multiple vulnerabilities.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The latest Chrome 97 security update patched 26 vulnerabilities in all, to include one Critical vulnerability and 16 High severity vulnerabilities, each discovered by external researchers:
- Critical CVE-2022-0289: Use after free in Safe browsing
- High CVE-2022-0291: Inappropriate implementation in Storage
- High CVE-2022-0292: Inappropriate implementation in Fenced Frames
- High CVE-2022-0293: Use after free in Web packaging
- High CVE-2022-0294: Inappropriate implementation in Push messaging
- High CVE-2022-0295: Use after free in Omnibox
- High CVE-2022-0296: Use after free in Printing
- High CVE-2022-0297: Use after free in Vulkan
- High CVE-2022-0298: Use after free in Scheduling
- High CVE-2022-0300: Use after free in Text Input Method Editor
- High CVE-2022-0301: Heap buffer overflow in DevTools
- High CVE-2022-0302: Use after free in Omnibox
- High CVE-2022-0303: Race in GPU Watchdog
- High CVE-2022-0304: Use after free in Bookmarks
- High CVE-2022-0305: Inappropriate implementation in Service Worker API
- High CVE-2022-0306: Heap buffer overflow in PDFium.
None of these vulnerabilities had known exploits in the wild at the time of the original advisory post.
Finally, Google also released Chrome 97 (97.0.4664.98) for Android.