Google released Chrome 115 to the stable channel for Windows, macOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers.
Four security issues were assessed to be of “high severity,” while six were determined to be of “medium severity.”
This browser update also fixes a ‘low-severity’ issue with Themes’ insufficient validation of untrusted input.
Fix For High Severity Vulnerabilities
The two use-after-free issues affecting the WebRTC component, tracked as CVE-2023-3727 and CVE-2023-3728, are the most significant flaws identified.
Google rewarded each of these reports with a $7,000 bounty.
CVE-2023-3730, a use-after-free weakness in Tab Groups, is another high-severity defect that Chrome 115 fixes. The researcher who discovered it received a $2,000 bug bounty.
Additionally, Mark Brand of Google Project Zero identified CVE-2023-3732, an out-of-bounds memory access in Mojo. Under Google’s rules, no bug bounty is offered for this internal discovery.
A use-after-free vulnerability may cause system failures or data corruption and can enable an attacker to run arbitrary code.
An out-of-bounds memory access vulnerability, on the other hand, might allow an attacker to read data they are not meant to access, potentially resulting in data breaches.
Fix For Medium-Severity and Low-Severity Flaws
Additionally, Chrome 115 fixes six medium-severity vulnerabilities that were reported externally.
Inappropriate implementations of several components, including Picture in Picture, Custom Tabs, Notifications, Autofill, WebApp Installs, and Web API Permission Prompts, caused the flaws.
If exploited, these flaws might have adverse effects, including enabling attackers to bypass access restrictions and perform unauthorized actions.
Although Google has not reported any ongoing exploitation of these vulnerabilities, users are strongly encouraged to apply the update immediately to protect against prospective attacks.
For ‘low-severity’ insufficient validation of untrusted input bugs in Themes, the reporting researchers have received a total of $34,000 in bug bounty awards.
Fixes Released
- Chrome for Linux and macOS: Chrome 115.0.5790.98
- Chrome for Windows: Chrome 115.0.5790.98 or Chrome 115.0.5790.99
Users can determine the currently installed version by choosing Menu > Help > About Google Chrome or by typing chrome://settings/help directly into the browser’s address bar.
When that page is opened on a desktop machine, Google Chrome shows the installed version and checks for updates.
To shield the browser and system against potential vulnerabilities, it is advised to apply the update as soon as possible.
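For administrators who need to check many machines rather than one browser window, the following added example (not from the original article or from Google) triages an inventory against the fixed builds listed above. The inventory format, host names and sample version strings are constructed assumptions; because Windows shipped as .98 or .99, .98 is used as the minimum fixed build on every platform.

```python
import re

# Fixed builds named in the article. Windows received .98 or .99,
# so 115.0.5790.98 is the lowest fixed build on every platform.
FIXED = {
    "linux": (115, 0, 5790, 98),
    "macos": (115, 0, 5790, 98),
    "windows": (115, 0, 5790, 98),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def assess(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    floor = FIXED.get(platform.lower())
    version = parse_version(reported)
    if floor is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 114.x.y.199 < 115.0.5790.98.
    return "patched" if version >= floor else "vulnerable"


def triage(inventory):
    """Group hosts by status so unknowns are surfaced, not silently passed."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, reported in inventory:
        result[assess(platform, reported)].append(host)
    return result


# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "115.0.5790.99"),
    ("ws-02", "windows", "114.0.5735.199"),
    ("mac-01", "macos", "Google Chrome 115.0.5790.98"),
    ("lin-01", "linux", "Google Chrome 115.0.5790.90 "),
    ("lin-02", "linux", "Google Chrome 116.0.5845.96"),
    ("kiosk-01", "linux", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" returned no parseable version and should be checked manually rather than assumed patched.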
Source: https://cybersecuritynews.com/chrome-115-update/