Google fixes critical bugs in version 113
Google has released a security update for Chrome 113 version that resolves a total of 12 vulnerabilities.
The critical vulnerability tracked as CVE-2023-2721, an issue described as a use-after-free flaw in Navigation. A remote attacker could craft an HTML page to trigger a heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page.
Use-after-free vulnerabilities are memory corruption bugs that occur when the pointer is not cleared after memory allocation is freed, which could lead to arbitrary code execution, denial-of-service, or data corruption.
The latest Chrome update also addressed the below highlighted bugs.
- High CVE-2023-2722: Use after free in Autofill UI.
- High CVE-2023-2723: Use after free in DevTools.
- High CVE-2023-2724: Type Confusion in V8.
- High CVE-2023-2725: Use after free in Guest View.
- Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs.
The latest Chrome iteration is now rolling out as version 113.0.5672.126 for macOS and Linux, and as versions 113.0.5672.126/.127 for Windows.