The Cybersecurity and Infrastructure Security Agency (CISA) on Friday advised security teams to review the most recent Chrome Release Note from Google and apply the necessary updates.
The latest version of Chrome (102.0.5005.155 for Windows, Mac and Linux) addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Google posted that the update contained seven security fixes, at least four of which came with contributions from external security researchers. All four of those fixes were rated “high” in severity.
Google has long been a supporter of bug bounties and this patch cycle once again demonstrates that the more eyes that can get on a project the better, said Taylor Gulley, senior cyber security consultant at nVisium. “The contents of this release again highlight the benefits of a bug bounty program as well as that of open source projects,” Gulley said.
John Bambenek, principal threat hunter at Netenrich, said it’s “telling” that most of the vulnerabilities are being discovered by third parties. “This demonstrates that Google’s outreach to vulnerability researchers is bearing fruit and that Chrome users world-wide are safer as a result,” Bambenek said.
“As CISA releases another advisory, organizations continue to struggle with being able to quickly and effectively provide updates to their systems and applications,” said Christopher Prewitt, chief technology officer at MRK Technologies. “This advisory is critical to remediate as it can provide an attacker remote access to an affected system,” Prewitt said.