December 1, 2023

Google has released a security update for Chrome 113 version that resolves a total of 12 vulnerabilities.

The critical vulnerability tracked as CVE-2023-2721, an issue described as a use-after-free flaw in Navigation. A remote attacker could craft an HTML page to trigger a heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page.

Advertisements

Use-after-free vulnerabilities are memory corruption bugs that occur when the pointer is not cleared after memory allocation is freed, which could lead to arbitrary code execution, denial-of-service, or data corruption.

The latest Chrome update also addressed the below highlighted bugs.

  • High CVE-2023-2722: Use after free in Autofill UI.
  • High CVE-2023-2723: Use after free in DevTools.
  • High CVE-2023-2724: Type Confusion in V8.
  •  High CVE-2023-2725: Use after free in Guest View. 
  • Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs.

The latest Chrome iteration is now rolling out as version 113.0.5672.126 for macOS and Linux, and as versions 113.0.5672.126/.127 for Windows.

Leave a Reply

%d bloggers like this: