Google Chrome 113.0.5672.63/.64 and more

Google has released updates to Google Chrome Browser 113 in the stable channel for Mac and Windows on May 2, 2023. These are security updates that fix critical vulnerabilities. The Extended Channel and the app for Android have also been updated. Google also announced that it will replace the lock icon for https URLs in the address bar with a more neutral icon.



Google Chrome 113.0.5672.63/.64

The relevant entry for Chrome 112.0.5615.137/138 can be found on the Google blog. The stable channel has been updated to version 113.0.5672.63 for macOS and Linux. For Windows, the update brings the browser to version 113.0.5672.63/.64. It is a new development branch that also fixes 15 vulnerabilities, including those listed below.

  • [$7500][1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10
  • [$5000][1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27
  • [$4000][1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06
  • [$3000][1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [$2000][1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10
  • [$2000][1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23
  • [$1000][1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10
  • [$3000][1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17
  • [$2000][1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07
  • [$1000][1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15

As usual, no details are given. Google also states that various fixes have been made based on results from internal audits, fuzzing and other initiatives. According to Google, the CVE-2023-2136 vulnerability (integer overflow in the Skia graphics engine) is already being exploited in the wild.

Chrome will be rolled out to systems via the automatic update feature in the next few days. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.

Google Chrome 112.0.5615.179 Extended Channel

Chrome version 112.0.5615.179 for Windows and macOS is available in the Extended Channel (see here).

Google Chrome 113.0.5672.76/.77 for Android

A Chrome for Android update raises the browser to version 113.0.5672.76/.77. The updated app will be rolled out via the Play Store in the coming days.



Lock symbol will be removed

Currently, browsers like Chrome display a closed padlock icon in front of a URL in the address bar when an https connection exists. Now Google has announced that it will soon replace the lock for secure https connections in the address bar. The symbol only indicates a secure connection and says nothing about the site's trustworthiness. Therefore, the lock icon in Chrome will be replaced by a variant of the melody icon.

Melody Symbol

Replacing the lock icon with a neutral indicator avoids the misconception that the lock icon is associated with a page's trustworthiness and emphasizes that security should be the default status in Chrome, Google writes.

The new icon is planned to be introduced in Chrome 117, which will be released in early September 2023 as part of an overall design refresh for desktop platforms. Chrome will continue to warn users when their connection is not secure. You can now see the new icon in Chrome Canary by enabling Chrome Refresh 2023 at chrome://flags#chrome-refresh-2023. Note, however, that this flag enables work that is still active and under development and is not a final product.

