Google released an update for the Google Chrome 117 browser in the stable channel for Mac, Linux and Windows on September 27, 2023. It is a security update that should be rolled out, and it fixes several vulnerabilities (some classified as "high"). One vulnerability (CVE-2023-5217) is being exploited in the wild. The browser's Android app has also received a security update.
Google Chrome 117.0.5938.132
The relevant entry can be found on the Google blog. The stable channel has been updated to version 117.0.5938.132 for macOS, Linux and Windows. According to the change log, the following vulnerabilities have been fixed.
- [$NA][1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25
- [$TBD][1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
- [$2000][1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25
As usual, no details are given. CVE-2023-5217 is being exploited in the wild. Chrome will be rolled out to systems via the automatic update feature over the next few days. You can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.
Chrome for Android 117.0.5938.140
Google also updated Chrome for Android to version 117.0.5938.140 and distributed it on September 27, 2023, according to this post. This version includes the same security fixes as the desktop version mentioned above.
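To confirm the rollout has actually reached every machine, the reported versions can be compared against the two fixed builds named above. The following is an added example, not code from Google or from this article; the host names and inventory rows are constructed, and the version strings are assumed to contain a four-part Chrome version such as the one shown on the About Google Chrome page.

```python
import re

# Fixed builds as stated in the article above.
FIXED = {
    "desktop": (117, 0, 5938, 132),  # macOS, Linux, Windows stable channel
    "android": (117, 0, 5938, 140),
}
# Extended stable (116.x) is not modelled here; such builds are reported
# as "vulnerable" and need a separate check.

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED.get(platform)
    version = parse_version(reported)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically per component. Comparing the raw strings
    # would wrongly rank "117.0.5938.92" above "117.0.5938.132".
    return "patched" if version >= fixed else "vulnerable"


def audit(rows):
    """Map each host to its status."""
    return {host: status(platform, reported) for host, platform, reported in rows}


# Constructed sample inventory (hypothetical hosts and readings).
INVENTORY = [
    ("ws-01", "desktop", "Google Chrome 117.0.5938.132"),
    ("ws-02", "desktop", "Google Chrome 117.0.5938.92"),
    ("ws-03", "desktop", "Google Chrome 118.0.5993.70"),
    ("ph-01", "android", "117.0.5938.132"),
    ("ph-02", "android", "117.0.5938.140"),
    ("ws-04", "desktop", "not installed"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Rows reported as "unknown" should be re-queried rather than treated as patched.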
Chrome 116 in the extended stable channel got a recent bugfix (I think related to CVE-2023-5217) on TH Sept. 28 – version 116.0.5845.228:
https://chromereleases.googleblog.com/2023/09/extended-stable-channel-update-for.html
The "libvpx" bugfix seems to be mentioned in the changelog for v116.0.5845.228.