As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows.
The Extended Stable channel has been upgraded to 118.0.5993.71 for Windows and 118.0.5993.70 for Mac.
This release contains 20 security fixes. The upgrade will roll out over the following days and weeks.
Critical Vulnerability Addressed
A critical vulnerability identified as CVE-2023-5218, Use after free in Site Isolation. This was the issue reported on September 27, 2023.
Before 118.0.5993.70 in Google Chrome, use after free in Site Isolation flaw might have allowed a remote attacker to exploit heap corruption through a crafted HTML page.
Additionally, it requires some form of user involvement from the victim. Technical information is not known, and there is no publicly accessible exploit.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Medium Severity Vulnerabilities Addressed
Inappropriate implementation of Fullscreen is a bug of Medium severity listed as CVE-2023-5487. This was reported by Anonymous, who received a reward of $5000.
Another vulnerability with a Medium severity is CVE-2023-5484, which refers to inappropriate implementation in navigation. Thomas Orlita, who reported this problem, received a prize of $5000.
CVE-2023-5475, Inappropriate Implementation in DevTools, is the Medium severity flaw. Axel Chong reported it and was awarded a prize of $2000 for doing so.
Inappropriate implementation in intent is a bug tagged as CVE-2023-5483, which has a medium severity rating. Axel Chong reported the problem and was given a $1,000 reward.
Inappropriate implementation in Downloads is a bug of Medium severity identified as CVE-2023-5481. Om Apip, who reported it, received a prize of $1000.
Use after free in Blink History, CVE-2023-5476 is the following medium severity issue. Yunqin Sun reported it and was given a $1,000 prize for doing so.
Heap buffer overflow in PDF is a Medium-severity bug that has been tracked as CVE-2023-5474. This was disclosed by [pwn2car], who received a $1,000 reward.
This bug, with a Medium severity, is an inappropriate implementation in the Extensions API and is classified as CVE-2023-5479. Axel Chong received $500 for reporting this issue.
Low Severity Vulnerabilities Addressed
A low-severity bug with an inappropriate implementation in Autofill has been assigned as CVE-2023-5478. Ahmed ElMasry, who reported it, received a prize of $3000.
Inappropriate implementation in the Installer is the next low-severity issue, identified as CVE-2023-5477. Bahaa Naamneh of Crosspoint Labs reported it and received a $3,000 prize.
A low-severity bug with an inappropriate implementation in input is tagged as CVE-2023-5486. Hafiizh reported this and received a $1,000 reward.
Use after free in Cast is another low-severity bug that has been tracked as CVE-2023-5473. DarkNavy reported this and was given $1,000 for doing so.
To avoid exploiting these vulnerabilities, Google advises users to update to the most recent version of Google Chrome.
How to Update Google Chrome
- On your computer, open Chrome.
- At the top right, click More.
- Click Help About Google Chrome.
- Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
- Click Relaunch.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.