Google has published a security update for Chrome, moving the Stable channel to 115.0.5790.170 for Mac and Linux and to 115.0.5790.170/.171 for Windows.
The update will roll out over the coming days and weeks. It contains 17 security fixes, including several reported by external researchers.
High-Severity Vulnerabilities Patched
- Confusion in V8, tracked as CVE-2023-4068 and CVE-2023-4070, are the two "high" severity flaws fixed in this category. Both were reported by external researcher Jerry, who received $23,000 and $20,000, respectively, in bug bounties from Google.
- Type Confusion in V8, tracked as CVE-2023-4069 and rated "high" severity, was reported by Man Yue Mo of GitHub Security Lab, who received a $21,000 bug bounty.
- Heap buffer overflow in Visuals, tracked as CVE-2023-4071 and rated "high" severity, was reported by external researchers Guang and Weipeng Jiang, who received a $17,000 bug bounty.
- Out-of-bounds read and write in WebGL, tracked as CVE-2023-4072 and rated "high" severity, was reported by Apple Security Engineering and Architecture (SEAR), which received a $15,000 bug bounty.
- Out-of-bounds memory access in ANGLE, tracked as CVE-2023-4073 and rated "high" severity, was reported by Jaehun Jeong (@n3sk) of Theori, who received a $10,000 bug bounty.
- Use after free in Blink Task Scheduling, tracked as CVE-2023-4074 and rated "high" severity, was reported by an unknown researcher, who received an $8,000 bug bounty.
- Use after free in Cast, tracked as CVE-2023-4075 and rated "high" severity, was reported by Cassidy Kim (@cassidy6564), who received a $5,000 bug bounty from Google.
- Use after free in WebRTC, tracked as CVE-2023-4076 and rated "high" severity, was reported by Natalie Silvanovich of Google Project Zero.
Medium-Severity Vulnerabilities Patched
- Insufficient data validation in Extensions, tracked as CVE-2023-4077, was reported by an anonymous researcher, to whom Google paid a $3,000 bounty.
- Inappropriate implementation in Extensions, tracked as CVE-2023-4078, was reported by an anonymous researcher, who received a $1,000 bug bounty.
Hence, Mac and Linux users are advised to upgrade to 115.0.5790.170, and Windows users to 115.0.5790.170/.171, as soon as the update reaches them.
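To turn the advice above into a fleet check, the following added example (not part of the original article) parses Chrome's four-part version string and flags hosts still running a build older than the patched release named here. The inventory format (`hostname,platform,version`) and the sample hosts are constructed for illustration; the minimum versions are the ones the advisory lists.

```python
from typing import Iterable, List, Tuple

# Minimum patched Chrome Stable versions per platform, taken from the advisory.
# Windows shipped as both .170 and .171, so .170 is the floor for all platforms.
PATCHED_VERSION = {
    "mac": (115, 0, 5790, 170),
    "linux": (115, 0, 5790, 170),
    "windows": (115, 0, 5790, 170),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted Chrome version such as '115.0.5790.170' into a comparable tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(platform: str, version: str) -> bool:
    """True if the given build is at or above the patched release for its platform."""
    key = platform.strip().lower()
    if key not in PATCHED_VERSION:
        raise ValueError(f"unknown platform: {platform!r}")
    # Tuple comparison is lexicographic, so 115.0.5790.110 < 115.0.5790.170.
    return parse_version(version) >= PATCHED_VERSION[key]


def find_unpatched(inventory: Iterable[str]) -> List[str]:
    """Return hostnames whose Chrome build predates the patched release.

    Each inventory line is 'hostname,platform,version' (a constructed format);
    blank lines and '#' comments are skipped.
    """
    stale = []
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, platform, version = (field.strip() for field in line.split(","))
        if not is_patched(platform, version):
            stale.append(host)
    return stale


# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """
# hostname,platform,version
ws-01,windows,115.0.5790.171
ws-02,windows,115.0.5790.110
mac-01,mac,115.0.5790.170
lin-01,linux,114.0.5700.0
lin-02,linux,116.0.5800.0
""".splitlines()

if __name__ == "__main__":
    print(find_unpatched(SAMPLE_INVENTORY))  # ['ws-02', 'lin-01']
```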
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among other credentials, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his broad knowledge and technical management capabilities go beyond them. He enjoys acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many other areas.