October 3, 2023

Google has shipped out new Chrome 114 update that resolves five vulnerabilities, including four critical and one high severity bugs.

First is the CVE-2023-3214, a critical use-after-free flaw resides in Autofill payments. Use-after-free vulnerabilities are a type of memory corruption bugs that occur when a pointer is not cleared after memory allocation has been freed.

These flaws can be exploited to achieve remote code execution (RCE), denial-of-service (DoS), or data corruption, and may even lead to complete system compromise if combined with other bugs.

Other update resolves two other use-after-free issues, both rated ‘high severity’: CVE-2023-3215, which impacts WebRTC, and CVE-2023-3217, which impacts WebXR.

Google has noted none of any these vulnerabilities being exploited in attacks. The latest Chrome iteration is now rolling out as version 14.0.5735.133 for macOS and Linux and as versions 114.0.5735.133/134 for Windows.

Leave a Reply

%d bloggers like this: