Google has released Chrome 111 to the stable channel with patches addressing 40 vulnerabilities.
A total of 24 security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.
- Three of the high-severity vulnerabilities are use-after-free bugs impacting SwiftShader, DevTools, and WebRTC.
- Two are type confusion flaws in V8 and CSS.
- One is a stack buffer overflow issue in Crash reporting.
- Two are heap buffer overflow bugs in Metrics and UMA.
The medium-severity flaws include insufficient policy enforcement bugs impacting browser components such as extensions API, autofill, web payments API, navigation, and intents.
Other medium-severity fixes include inappropriate implementation issues in permission prompts, WebApp installs, and autofill, a heap buffer overflow bug in the Web Audio API, and a use-after-free vulnerability in Core.
The low-severity defects resolved with this browser update include two insufficient policy enforcement issues in resource timing, an inappropriate implementation flaw in intents, a type confusion bug in DevTools, and an inappropriate implementation vulnerability in Internals.
As usual, Google didn’t mention any of these vulnerabilities being exploited in attacks.
The latest Chrome iteration is currently rolling out as versions 111.0.5563.64/.65 for Windows and as version 111.0.5563.64 for Linux and macOS.