Google has released Chrome 114 to the stable channel for Windows, Mac, and Linux. The update will roll out over the next few days/weeks. According to the official statement, it fixes 16 security flaws.
There are eight security issues with a high severity rating, four with a medium rating, and one with a low rating.
Since Google discovered them internally, the remaining security flaws are not made public.
Fixes for Security and Rewards
Judging by the bug bounty awarded, the most significant one is CVE-2023-2929, an out-of-bounds write in SwiftShader.
According to a Google statement, security researcher Jaehun Jeong was given a $15,000 reward for disclosing the vulnerability.
The next flaw is CVE-2023-2930, a use-after-free vulnerability in Extensions, for which Google offered a $10,000 bug bounty.
Three use-after-free flaws were discovered by Viettel Cyber Security security researchers, each of which resulted in a $9,000 bug bounty prize.
An out-of-bounds memory access vulnerability in Mojo and two type confusion problems in the V8 JavaScript and WebAssembly engine are the final three high-severity concerns that were externally reported and fixed in this Chrome release.
Researchers from Google Project Zero identified all three problems. However, in line with Google's policies, no bug bounty will be paid out for any of them.
Additionally, Chrome 114 fixes four medium-severity weaknesses discovered by external researchers, including three inappropriate implementation bugs in Picture and Downloads and one installer bug with insufficient data validation.
This browser update also fixed a low-severity inappropriate implementation issue in the Extensions API.
Reports stated that the security researchers who disclosed these vulnerabilities received bug bounty payments from Google totaling more than $65,000.
Google Chrome Update
The most recent version now available is Google Chrome 114.0.5735.90 for Linux and macOS, and 114.0.5735.90/91 for Windows.
“Chrome 114.0.5735.90 (Linux and Mac), 114.0.5735.90/91 (Windows) contains many fixes and improvements”, Google said in its advisory.
“Extended Stable channel has been updated to 114.0.5735.90 (Mac) and 114.0.5735.91 (Windows). This will roll out over the coming days/weeks”
Google makes no mention of exploits that are already in use. While that is reassuring, it is still advised to upgrade Chrome to version 114 immediately to close the security issues.