September 22, 2023

Google released Chrome 113 verdion with 15 security fixes, including patches for 10 vulnerabilities reported by external researchers.

The latest Chrome update only resolves medium – and low-severity flaws, despite the major version change.

Google paid over $30,000 in bug bounty rewards to the reporting researchers. The highest reward was handed out for a medium-severity inappropriate implementation flaw in Prompts, which is tracked as CVE-2023-2459.

Advertisements

Six other medium-severity inappropriate implementation bugs also addressed in this browser release were identified in Chrome components such as Prompts, Screen Mode, PictureInPicture, and CORS.

Other bugs are insufficient validation of untrusted input vulnerability in extensions and a use-after-free flaw in OS inputs.

The remaining three externally reported issues were low-severity inappropriate implementation vulnerabilities impacting Prompts and PictureInPicture.

The latest browser iteration is now rolling out as Chrome version 113.0.5672.63 for Linux and macOS, and as Chrome versions 113.0.5672.63/.64 for Windows.

Leave a Reply

%d bloggers like this: