Chrome Security Update – 15 High-Severity Vulnerabilities Patched


Google has published a security update for Chrome, updating the Stable channel to 115.0.5790.170 for Mac and Linux and to 115.0.5790.170/.171 for Windows. The update will roll out over the coming days/weeks.

This update includes 17 security fixes, including fixes for issues reported by external researchers.

High-Severity Vulnerabilities Patched

Type Confusion in V8, tracked as CVE-2023-4068 and CVE-2023-4070, accounts for two of the ‘high’ severity flaws that have been fixed. Both were reported by external researcher Jerry, who received $23,000 and $20,000, respectively, as bug bounties from Google.

Type Confusion in V8, tracked as CVE-2023-4069 with a ‘high’ severity rating, was reported by Man Yue Mo of GitHub Security Lab, who received $21,000 as a bug bounty.

Heap buffer overflow in Visuals, tracked as CVE-2023-4071 with a ‘high’ severity rating, was reported by external researchers Guang and Weipeng Jiang, who received $17,000 as a bug bounty.

Out-of-bounds read and write in WebGL, tracked as CVE-2023-4072 with a ‘high’ severity rating, was reported by Apple Security Engineering and Architecture (SEAR), which received $15,000 as a bug bounty.

Out-of-bounds memory access in ANGLE, tracked as CVE-2023-4073 with a ‘high’ severity rating, was reported by Jaehun Jeong (@n3sk) of Theori, who received $10000 as a bug bounty.

Use after free in Blink Task Scheduling, tracked as CVE-2023-4074 with a ‘high’ severity rating, was reported by Unknown, who received a bug bounty of $8000.

Use after free in Cast, tracked as CVE-2023-4075 with a ‘high’ severity rating, was reported by Cassidy Kim (@cassidy6564), who received a bug bounty of $5000 from Google.

Use after free in WebRTC, tracked as CVE-2023-4076 with a ‘high’ severity rating, was reported by Natalie Silvanovich of Google Project Zero.

Medium-Severity Vulnerabilities Patched

Insufficient data validation in Extensions, tracked as CVE-2023-4077, was reported by an anonymous person, and Google paid a bounty of $3000.

Inappropriate implementation in Extensions, tracked as CVE-2023-4078, was reported by an anonymous person, who received a bug bounty of $1000.

Hence, Mac and Linux users are advised to upgrade to 115.0.5790.170, and Windows users to 115.0.5790.170/.171.

Here’s a Guide on How to Update Google Chrome

  • On your computer, open Chrome.
  • At the top right, click More.
  • Click Help > About Google Chrome.
  • Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
  • Click Relaunch.
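
To confirm the update landed across many machines, the added example below (not part of the original article or of any Google tooling) checks reported version strings against the fixed builds named above. The inventory rows and host names are constructed, and the comparison is numeric per component because a plain string comparison would rank .98 above .170.

```python
import re

# Fixed Stable builds named in the article, keyed by platform.
# Windows also received .171, which compares as patched below.
FIXED = {
    "mac": (115, 0, 5790, 170),
    "linux": (115, 0, 5790, 170),
    "windows": (115, 0, 5790, 170),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part version from text such as
    'Google Chrome 115.0.5790.170' (About page or --version output)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(platform, version_text):
    """True when the version is at or above the fixed build for the platform."""
    return parse_version(version_text) >= FIXED[platform.lower()]

def audit(inventory):
    """Return (host, status) for each (host, platform, version_text) row."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            status = "patched" if is_patched(platform, version_text) else "needs update"
        except (ValueError, KeyError):
            status = "unknown"  # unparseable version or unlisted platform
        findings.append((host, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("build-01", "linux", "Google Chrome 115.0.5790.170"),
    ("desk-17", "windows", "115.0.5790.110"),
    ("desk-22", "Windows", "115.0.5790.171"),
    ("mac-03", "mac", "Google Chrome 115.0.5790.98"),
    ("kiosk-09", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```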
