Google has published a security update for Chrome, updating the Stable channel to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows. The update will roll out over the coming days/weeks.
This update includes 17 security fixes, including fixes for issues discovered by external researchers.
High-Severity Vulnerabilities Patched
Type Confusion in V8, tracked as CVE-2023-4068 and CVE-2023-4070, are ‘high’ severity flaws that have been fixed. They were reported by external researcher Jerry, who received $23,000 and $20,000, respectively, as bug bounties from Google.
Type Confusion in V8, tracked as CVE-2023-4069 with a ‘high’ severity rating, was reported by Man Yue Mo of GitHub Security Lab, who received $21,000 as a bug bounty.
Heap buffer overflow in Visuals, tracked as CVE-2023-4071 with a ‘high’ severity rating, was reported by external researchers Guang and Weipeng Jiang, who received $17,000 as a bug bounty.
Out-of-bounds read and write in WebGL, tracked as CVE-2023-4072 with a ‘high’ severity rating, was reported by Apple Security Engineering and Architecture (SEAR), which received $15,000 as a bug bounty.
Out-of-bounds memory access in ANGLE, tracked as CVE-2023-4073 with a ‘high’ severity rating, was reported by Jaehun Jeong (@n3sk) of Theori, who received $10,000 as a bug bounty.
Use after free in Blink Task Scheduling, tracked as CVE-2023-4074 with a ‘high’ severity rating, was reported by Unknown, who received a bug bounty of $8000.
Use after free in Cast, tracked as CVE-2023-4075 with a ‘high’ severity rating, was reported by Cassidy Kim (@cassidy6564), who received a bug bounty of $5000 from Google.
Use after free in WebRTC, tracked as CVE-2023-4076 with a ‘high’ severity rating, was reported by Natalie Silvanovich of Google Project Zero.
Medium-Severity Vulnerabilities Patched
Insufficient data validation in Extensions, tracked as CVE-2023-4077, was reported by an Anonymous person, and Google paid a bounty of $3000.
Inappropriate implementation in Extensions, tracked as CVE-2023-4078, was reported by an Anonymous person, who received a bug bounty of $1000.
Hence, upgrading to 115.0.5790.170 for Mac and Linux users and 115.0.5790.170/.171 for Windows is advised.
Here’s a Guide on How to Update Google Chrome
- On your computer, open Chrome.
- At the top right, click More.
- Click Help > About Google Chrome.
- Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
- Click Relaunch.
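To check many machines against the fixed builds named above, the following is an added example, not code from the article or from Google. It assumes version strings were collected per host (for instance from `google-chrome --version` output); the host names and inventory rows are constructed.

```python
import re

# Fixed Stable builds named in the article. Windows shipped as .170/.171,
# so .170 is the minimum patched build on every platform.
FIXED_BUILD = {
    "mac": (115, 0, 5790, 170),
    "linux": (115, 0, 5790, 170),
    "windows": (115, 0, 5790, 170),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Pull a four-part Chrome version out of free text; None if absent."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    fixed = FIXED_BUILD.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically, so .98 sorts below .170; comparing the
    # raw strings would wrongly rank "115.0.5790.98" above "115.0.5790.170".
    return "patched" if version >= fixed else "outdated"

def audit(inventory):
    """Group (host, platform, version_text) rows by patch status."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 115.0.5790.171"),
    ("ws-02", "Windows", "115.0.5790.98"),
    ("mac-01", "Mac", "Google Chrome 115.0.5790.170"),
    ("lnx-01", "Linux", "Google Chrome 114.0.5735.198"),
    ("lnx-02", "Linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown group need a manual look, since an unreadable version string says nothing about patch status.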
Source: https://cybersecuritynews.com/chrome-security-update-patch-now/