May 28, 2023

Google released Chrome 112, a new stable version of the company’s web browser, to the Stable channel. Chrome 112 is a security update first and foremost, but it does include new features and changes as well.

The following versions should be listed after the update:

  • Chrome for Linux and Mac: 112.0.5615.49
  • Chrome for Windows: 112.0.5615.49 or 112.0.5615.50
  • Chrome for Android: 112.0.5615.47 or 112.0.5615.48
  • Chrome for iOS: 112.0.5615.46

This update includes 16 security fixes. Below, we highlight fixes that were contributed by external researchers.

High Severity CVE-2023-1810: Heap buffer overflow in Visuals.

  • High Severity CVE-2023-1811: Use after free in Frames.
  • Medium severity CVE-2023-1812: Out of bounds memory access in DOM Bindings.
  • Medium severity CVE-2023-1813: Inappropriate implementation in extensions.
  • Medium severity CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing.
  • Medium severity CVE-2023-1815: Use after free in Networking APIs.
  • Medium severity CVE-2023-1816: Incorrect security UI in Picture In Picture.
  • Medium severity CVE-2023-1817: Insufficient policy enforcement in Intents.
  • Medium severity CVE-2023-1819: Out of bounds read in Accessibility.
  • Medium severity CVE-2023-1818: Use after free in Vulkan.
  • Medium severity CVE-2023-1820: Heap buffer overflow in Browser History.
  • Low severity CVE-2023-1821: Inappropriate implementation in WebShare.
  • Low severity CVE-2023-1822: Incorrect security UI in Navigation.
  • Low severity CVE-2023-1823: Inappropriate implementation in FedCM.

Google makes no mention of exploits in the wild. While that is reassuring, it is still suggested to update to the latest Chrome version as soon as possible to protect the browser against potential attacks targeting the security issues.

The Chrome Status page for Chrome 112 lists developer related changes for the most part:

  • Deprecate the `document.domain` setter. (Deprecated)
  • Add optional submitter parameter to FormData constructor
  • CSS animation-composition property
  • CSS Nesting
  • RegExp v flag with set notation + properties of strings
  • “Reload this page” infobar no longer shown if top-level frame is observing permission changes
  • WebAssembly Tail Call
  • WebGLContextEvent on Web Workers
  • Add containerName and containerQuery, update conditionText (behind flag)
  • background-blur (behind flag)
  • Deprecate non-standard `shadowroot` attribute for declarative shadow DOM (behind flag)
  • FedCM: Auto re-authentication (behind flag)
  • APIPayment handler minimal header UX (behind flag)
  • “Reload this page” infobar no longer shown if top-level frame is observing permission changes (behind flag)
  • WebAssembly Garbage Collection (WasmGC) (Origin trial)
  • [WebRTC] Unship deprecated “track” and “stream” stats from getStats() (Origin trial)
Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: