Web browser: Chrome update seals eight security vulnerabilities
Google has patched eight vulnerabilities in the updated version of the Chrome web browser. Attackers could smuggle in malicious code through the vulnerabilities, for example with manipulated websites or PDF files.
No details on the gaps yet
As usual, Google's release announcement still holds back details about the security gaps. However, the manufacturer provides brief summaries of the vulnerabilities reported by external IT security researchers. Of the eight vulnerabilities, seven were found by external IT researchers, and the Google developers rate their risk as “high”.
Google has paid a $10,000 reward for a vulnerability discovered in password management. This use-after-free vulnerability allowed remote attackers who had already compromised the renderer process to execute malicious code via compromised websites (CVE-2023-1528). Likewise, attackers could have abused a use-after-free vulnerability in Chrome’s PDF module with manipulated websites and PDF files to inject malicious code (CVE-2023-1530).
Google’s Project Zero has reported two vulnerabilities affecting the GPU video and ANGLE components. However, they do not appear to be under attack in the wild yet; at least, Google does not mention any attacks in the report. Other high-risk vulnerabilities were also found in WebHID and WebProtect. Chrome users should ensure that they are using the latest version to avoid becoming a victim of attacks.
The current Chrome versions are 111.0.5563.115/.116 for Android, 111.0.5563.101 for iOS, 111.0.5563.110 for Linux and Mac, and 111.0.5563.110/.111 for Windows. Without giving any further details, Google’s developers have also updated the extended stable version of Chrome for Mac and Windows to version 110.0.5481.208.
Check current status
You can find out whether Chrome is up to date by calling up the settings menu via the symbol with the three stacked dots to the right of the address bar and the path “Help” – “About Chrome”.
The version dialog shows the currently used version and, if necessary, starts the update process of the web browser. There you can also initiate the necessary browser restart. Under Linux, the distribution’s own software management is usually responsible for distributing updates. Linux users should therefore start it and let it check for updates.
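For checking more than one machine, the comparison against the fixed builds named above can be scripted. The following is an added example, not part of the original article or of Google's tooling; the host names and inventory are constructed, and treating any 110.x build on Mac or Windows as the extended stable channel is an assumption.

```python
# Minimum fixed builds per platform, taken from the article.
FIXED = {
    "android": "111.0.5563.115",
    "ios": "111.0.5563.101",
    "linux": "111.0.5563.110",
    "mac": "111.0.5563.110",
    "windows": "111.0.5563.110",
}
# Extended stable channel (Mac and Windows only), per the article.
EXTENDED_FIXED = {"mac": "110.0.5481.208", "windows": "110.0.5481.208"}

def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError otherwise."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    platform = platform.lower()
    try:
        installed = parse(version)
        minimum = parse(FIXED[platform])
    except (KeyError, ValueError):
        return "unknown"
    # Assumption: a 110.x build on Mac/Windows is on the extended stable channel.
    ext = EXTENDED_FIXED.get(platform)
    if ext and installed[0] == parse(ext)[0]:
        minimum = parse(ext)
    # Tuple comparison is numeric per component; comparing the raw strings
    # would rank "111.0.5563.99" above "111.0.5563.110".
    return "patched" if installed >= minimum else "outdated"

# Constructed sample inventory (host, platform, version), not real data.
INVENTORY = [
    ("ws-01", "windows", "111.0.5563.111"),
    ("ws-02", "windows", "111.0.5563.99"),
    ("mac-01", "mac", "110.0.5481.208"),
    ("lin-01", "linux", "110.0.5481.208"),
    ("kiosk-7", "linux", "unknown"),
]

def audit(inventory):
    return {host: status(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" need a manual check via the “About Chrome” dialog described above.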
Since the vulnerabilities are also contained in the underlying Chromium project, web browsers based on it, such as Microsoft’s Edge, should also be available in an updated version shortly. Two weeks ago, Google released Chrome’s 111 development branch. In it, the developers had closed a total of 40 security gaps.