Google has released an updated version of its Chrome web browser to address several security vulnerabilities, including one considered critical. Users are advised to promptly install the update to mitigate the risks associated with the identified vulnerabilities. Other web browsers based on the underlying Chromium project are also expected to release updates soon to address these issues.

Vulnerabilities


  • CVE-2023-3214 (risk: “critical”)
  • CVE-2023-3215 (risk: “high”)
  • CVE-2023-3216 (risk: “high”)
  • CVE-2023-3217 (risk: “high”)
  • No CVE ID or details were provided for the fifth vulnerability as it was discovered internally by Google employees.

Update to the latest version

  • 114.0.5735.130/.131 for Android
  • 114.0.5735.124 for iOS
  • 114.0.5735.133 for Linux and Mac
  • 114.0.5735.133/134 for Windows
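To check a fleet against the builds listed above, the following sketch (an added example, not from Google or the original article) compares reported Chrome versions numerically per platform. The inventory format, host names and the status labels are assumptions made for illustration; the table covers Google Chrome only, not other Chromium-based browsers.

```python
import re

# Lowest fixed build per platform, taken from the version list above.
FIXED = {
    "android": "114.0.5735.130",
    "ios": "114.0.5735.124",
    "linux": "114.0.5735.133",
    "mac": "114.0.5735.133",
    "windows": "114.0.5735.133",
}

# Constructed sample inventory (host,platform,reported version); not real data.
SAMPLE_INVENTORY = """\
ws-014,windows,114.0.5735.134
ws-027,windows,114.0.5735.110
build-03,linux,Google Chrome 114.0.5735.99
mac-101,mac,115.0.5790.98
tab-7,android,114.0.5735.131
kiosk-2,chromeos,114.0.5735.133
ws-040,windows,n/a
"""

def parse_version(text):
    """Extract a four-part version as a tuple of ints so parts compare numerically."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text)
    if m is None:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build for the platform."""
    return parse_version(version_text) >= parse_version(FIXED[platform.lower()])

def audit(inventory):
    """Return (host, status) per line: 'patched', 'outdated' or 'unknown'."""
    results = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, platform, version = (f.strip() for f in line.split(",", 2))
        try:
            status = "patched" if is_patched(platform, version) else "outdated"
        except (KeyError, ValueError):
            # Platform not in the list above, or version string not parseable.
            status = "unknown"
        results.append((host, status))
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host:10} {status}")
```

Comparing the versions as plain strings would wrongly rank 114.0.5735.99 above 114.0.5735.133, which is why each part is converted to an integer first.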

Information

Google has released an updated version of the Chrome web browser that closes several security vulnerabilities. The vendor rates one of them as critical. Chrome users should therefore apply the update quickly.

Since the vulnerabilities are found in the underlying Chromium project, they also affect other web browsers based on it. Therefore, their developers should also release updates soon. Of course, users should also install these promptly.

In total, the update fixes five vulnerabilities, Google developers write in the release announcement. One is a use-after-free vulnerability in the Autofill Payments component, in which a resource such as a pointer is used again after it has been released. Attackers can abuse the resulting heap memory corruption with manipulated web pages to execute malicious code (CVE-2023-3214; no CVSS value yet, rated “critical” by Google).

Google Chrome high-risk security vulnerabilities

Google’s developers classify three further vulnerabilities as high risk. They affect WebRTC, the JavaScript engine V8, and WebXR (CVE-2023-3215, CVE-2023-3216, CVE-2023-3217; all still without a CVSS value). Information about the fifth vulnerability is missing, since it was apparently discovered internally by Google employees.
