Google on Thursday rolled out a Chrome 149 update that resolves 28 critical and high-severity vulnerabilities.
The update patches five critical-severity bugs: use-after-free issues in Core, DigitalCredentials, and WebMIDI, an insufficient validation of untrusted input flaw in Accessibility, and a heap buffer overflow defect in GPU.
The remaining 23 vulnerabilities are high-severity flaws: nine use-after-free, four insufficient validation of untrusted input, three inappropriate implementation, two insufficient policy enforcement, two out-of-bounds read, an out-of-bounds write, a race condition, and a heap buffer overflow.
A dozen of the 28 vulnerabilities, three critical and nine high-severity, are use-after-free issues, a type of memory safety bug that could be exploited for remote code execution (RCE), data corruption, or denial-of-service.
In Chrome, use-after-free vulnerabilities could be exploited for sandbox escape if combined with security defects in the operating system or in a privileged part of the browser.