Google Chrome Security Flaw Lets Attackers Crash the Browser


As part of a security update for Chrome, Google has upgraded the Stable channels to 118.0.5993.117 for Mac and Linux and 118.0.5993.117/.118 for Windows.

The Extended Stable channel has been upgraded to 118.0.5993.117 for Mac and 118.0.5993.118 for Windows.


There are two security fixes in this release. The update will roll out over the coming days and weeks.

High Severity Flaw Addressed

A use-after-free in Profiles, tracked as CVE-2023-5472, is rated “High” severity. Referencing memory after it has been freed can cause the browser to crash, use unexpected values, or execute code. Hence, it can affect confidentiality, reliability, and accessibility.

Generally, a use-after-free (UAF) arises when dynamic memory is used improperly while a program is running. If a program frees memory but fails to clear the pointer to that memory, an attacker can exploit the resulting dangling pointer to compromise the program.

For exploitation to be successful, user interaction is required. Google awarded $3000 to the researcher @18楼梦想改造家 in recognition of their findings.

Chrome Security Update

Google recommends that users update to the most recent version of Google Chrome to prevent exploitation of these vulnerabilities.

“The Stable channel has been updated to 118.0.5993.117 for Mac and Linux and 118.0.5993.117/.118 for Windows”, Google said.

“The Extended Stable channel has been updated to 118.0.5993.117 for Mac and 118.0.5993.118 for Windows”.

How to Update Google Chrome

  • On your computer, open Chrome.
  • At the top right, click More.
  • Click Help > About Google Chrome.
  • Click Update Google Chrome. Important: If you can’t find this button, you’re on the latest version.
  • Click Relaunch.
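
To confirm that the update actually reached every machine, the check below compares reported Chrome versions against the fixed builds named in this article. It is an added example, not code from Google or the original article; the inventory record layout, hostnames and function names are assumptions.

```python
import re

# Fixed builds from the article by (platform, channel); Windows Stable is .117/.118.
FIXED_BUILDS = {
    ("mac", "stable"): (118, 0, 5993, 117),
    ("linux", "stable"): (118, 0, 5993, 117),
    ("windows", "stable"): (118, 0, 5993, 117),
    ("mac", "extended"): (118, 0, 5993, 117),
    ("windows", "extended"): (118, 0, 5993, 118),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version tuple from free text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, channel, version_text):
    """Return 'patched', 'update_required' or 'unknown' for one install."""
    fixed = FIXED_BUILDS.get((platform.lower(), channel.lower()))
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # do not guess; surface for manual review
    # Tuple comparison is numeric: (.., 88) < (.., 117), unlike string comparison.
    return "patched" if version >= fixed else "update_required"


def audit(inventory_lines):
    """Map host -> status for 'host,platform,channel,version' records."""
    results = {}
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",", 3)]
        if len(fields) == 4:  # skip malformed records
            host, platform, channel, version_text = fields
            results[host] = classify(platform, channel, version_text)
    return results


# Constructed sample inventory: hostnames and record layout are made up.
SAMPLE_INVENTORY = [
    "ws-01,windows,stable,Google Chrome 118.0.5993.88",
    "ws-02,windows,extended,Google Chrome 118.0.5993.117",
    "mb-01,mac,stable,Google Chrome 118.0.5993.117",
    "lx-01,linux,stable,Google Chrome 119.0.6045.105",
    "lx-02,linux,stable,version unavailable",
]

print(audit(SAMPLE_INVENTORY))
```

Records reported as `unknown` cover unparseable versions and platform/channel pairs the article does not list, so they need manual review rather than being assumed safe.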
