September 21, 2023

Google patched a critical RCE bug in its Chrome web browser that allows an attacker to install malware on a victim’s system simply by tricking them into visiting a malicious site. In addition, it patched six high-severity bugs, one of them close to a year old.

Google fixed a critical use-after-free vulnerability that impacts the Google Chrome component identified as Prompts.

Prompts is a feature that defines how an Action renders responses to users and how the Action prompts them to continue. Developers can select from a wide range of engaging response types to present to users, including simple, visual, and media (voice) responses.

The company also patched an 11-month-old Google Chrome SwiftShader high-severity use-after-free flaw tracked as CVE-2023-0928.

SwiftShader is Chrome’s software-based renderer for 3D graphics that can be used as a fallback option when hardware acceleration is not available or when it is disabled, according to Google. It is primarily used in web browsers such as Google Chrome to render WebGL content, which is a web standard for rendering 3D graphics. 

The other four high-severity vulnerabilities include one (CVE-2023-0929) impacting the Chrome video acceleration component Vulkan; two video buffer overflow bugs (CVE-2023-0930 and CVE-2023-0931); and a WebRTC (CVE-2023-0932) flaw.

As usual, no further information was available about the fixed vulnerabilities.

The fixes will be pushed to Windows, macOS, and Linux desktops that make up the nearly 2.65 billion users of Chrome. The “stable channel desktop updates” include versions 110.0.5481.177 for Mac and Linux and 110.0.5481.177/.178 for Windows.

Users may also opt to manually update their browsers to protect them against potential exploits targeting these vulnerabilities. 
