[German]Google has released updates to the Google Chrome browser 116 in the stable channel for Mac, Linux and Windows on August 15, 2023. These are security updates that will be rolled out in the coming weeks and should eliminate 26 vulnerabilities. Furthermore, there is an update to the Chrome app for Android.
Advertising
Google Chrome 116.0.5845.96/.97
The relevant entry for Chrome 116 can be found on the Google blog. The stable channel has been updated to version 116.0.5845.96 for macOS and Linux. For Windows, the update updates the browser to version 116.0.5845.96/.97. It is an update that closes 26 vulnerabilities, some rated high.
- [$30000][1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24
- [$5000][1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27
- [$3000][1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14
- [$2000][1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18
- [$NA][1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07
- [$NA][1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27
- [$NA][1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12
- [$NA][1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31
- [$5000][1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30
- [$3000][1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28
- [$3000][1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20
- [$2000][1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09
- [$2000][1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07
- [$2000][1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17
- [$1000][1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14
- [$1000][1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23
- [$1000][1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13
- [$1000][1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06
- [$1000][1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02
- [$500][1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
- [$500][1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
As usual, no details are given. Chrome will be rolled out to systems via the automatic update feature in the next few days. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here. (via)
Chrome for Android has been updated to version 116.0.5845.92, according to this Google post, and will be distributed in the next few days.
Advertising
