Chrome Security Update: 15 Critical Vulnerabilities Fixed, Over $60,000 Rewarded

Google has published a security update for Chrome, updating the Stable channel to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows. The update will roll out over the coming days/weeks.

This update offers 17 security fixes, including fixes discovered by external researchers.

High-Severity Vulnerabilities Patched

The Confusion in V8 issues CVE-2023-4068 and CVE-2023-4070 are ‘high’ severity flaws that have been fixed. They were reported by external researcher Jerry, who received $23,000 and $20,000, respectively, as bug bounties from Google.

Type Confusion in V8, CVE-2023-4069, with a ‘high’ severity range, has been reported by Man Yue Mo of GitHub Security Lab and received $21,000 as a bug bounty.

Heap buffer overflow in the Visuals issue tracked as CVE-2023-4071 with a ‘high’ severity range was reported by external researchers Guang and Weipeng Jiang and received $17,000 as a bug bounty.

Out-of-bounds read and write in WebGL tracked as CVE-2023-4072 with a ‘high’ severity range has been reported by Apple Security Engineering and Architecture (SEAR) and received $15,000 as a bug bounty.

Out-of-bounds memory access in ANGLE tracked as CVE-2023-4073 with a ‘high’ severity was reported by Jaehun Jeong (@n3sk) of Theori and received $10000 as a bug bounty.

Use after free in Blink Task Scheduling issue tracked as CVE-2023-4074 with a ‘high’ severity range was reported by Unknown, who received a bug bounty of $8000.

Use after free in Cast, tracked as CVE-2023-4075 with a ‘high’ severity range, has been reported by Cassidy Kim (@cassidy6564) and received a bug bounty of $5000 from Google.

Use after free in WebRTC tracked as CVE-2023-4076 with a ‘high’ severity was reported by Natalie Silvanovich of Google Project Zero.

Medium-Severity Vulnerabilities Patched

Insufficient data validation in Extensions tracked as CVE-2023-4077 was reported by an Anonymous person, and Google paid a bounty of $3000.

Inappropriate implementation in Extensions tracked as CVE-2023-4078 was reported by an Anonymous person, who received a bug bounty of $1000.

Hence, upgrading to 115.0.5790.170 for Mac and Linux users and 115.0.5790.170/.171 for Windows is advised.

Here’s a Guide on How to Update Google Chrome

  • On your computer, open Chrome.
  • At the top right, click More.
  • Click Help > About Google Chrome.
  • Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
  • Click Relaunch.

Source: https://cybersecuritynews.com/chrome-security-update-patch-now/


Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO