Google fixes multiple security bugs in Android, Chrome OS

Updates to fix the high-severity bugs affecting security of devices were released last week.

October 10, 2022 04:08 pm | Updated 04:42 pm IST

Updates to fix the high-severity bugs affecting the security of Android and Chrome OS devices were released last week

Updates to fix the high-severity bugs affecting the security of Android and Chrome OS devices were released last week | Photo Credit: AP

Multiple high-severity vulnerabilities were reported in some versions of Android and Chrome OS. Computer Emergency Response (CERT-In) has released vulnerability notes recommending users update their devices with the latest version with fixes. 


Security bugs in Android could be exploited by an attacker to elevate their privileges thereby gaining access to sensitive information on affected devices. They can also lead to denial of service on affected devices. 

These vulnerabilities exist due to flaws in the software’s framework. They were detected in the media framework, system kernel and kernel components. Security bugs were also detected in Imagination technologies components, MediaTek components, UNISOC components, Qualcomm components and closed source components. 

Details of the security bugs were also shared by Android in their security bulletin while requesting users to update their software. CERT-In’s report flagged Android OS versions 10, 11, 12, 12L and 13 for these security bugs.

Google Chrome OS 

Security bugs in Chrome OS were exploited by bypassing security restrictions, which executed arbitrary code and caused denial of services on affected systems. CERT-In stated that these bugs could be exploited by sending specially crafted requests. 

The security flaws were found after using free network service like WebSQL, Sign-In Flow, Input and SplitScreen. 

Also read: Google Maps gets improved live view and eco-friendly routing in the latest update

Bugs were also reported to exist due to inappropriate implementation in site Isolation and Chrome OS lockscreen; heap buffer overflow in internals, screen capture, exosphere, Ash and WebUI. Insufficient validation of untrusted input in DevTools was also found to exist. 

Google has released long term channel updates to fix these security bugs, which were reported in Chrome OS LTS channel versions prior to 102.

Top News Today


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.