Google Chrome Use after free Vulnerability leads to Browser Crash


Google Chrome Stable Channel Update for Desktop version 119.0.6.45.159 for Mac and Linux and 119.0.6045.159/.160 for Windows has been released, which will be rolling out to all users soon. There were two vulnerabilities fixed, which were CVE-2023-5997 and CVE-2023-6112.

Both of these vulnerabilities were associated with Use-after-free conditions in Garbage Collection and the Navigation of Google Chrome. The National Vulnerability Database (NVD) has yet to confirm the severity of these vulnerabilities.

EHA

CVE-2023-5997: Use After Free in Garbage Collection

This vulnerability exists in Google Chrome versions before 119.0.6045.159, allowing a threat actor to exploit heap corruption through a crafted HTML page. Chromium has categorized this vulnerability as high severity.

This vulnerability was rewarded with $10,000 by Google, but the details about the reporter of this vulnerability were mentioned as anonymous. 

CVE-2023-6112: Use After Free in Navigation

This vulnerability was similar to the above-mentioned vulnerability, which a threat actor can exploit to perform heap corruption via a crafted HTML page. The severity of this vulnerability is yet to be confirmed. 

The details about the reward for this vulnerability were not provided by Google Chrome but were reported by Sergei Glazunov of Google Project Zero. 

Nevertheless, several other fixes were related to regular fuzzing, internal audits, and other Google initiatives. 

Users of Google Chrome are recommended to upgrade to the latest version, 119.0.6.45.159 of Google Chrome to prevent these Use After free conditions.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.



Source link