October 3, 2023

Google has released the latest version of its Chrome browser, addressing 26 vulnerabilities including eight critical flaws.

Chrome 116 covers updates for various bits of functionality including Offline, V8 engine, Device Trust Connectors, Fullscreen, Network, ANGLE and Skia.

Researchers who identified and reported these vulnerabilities earned between $500 and $30,000 USD. Access to bug details and links may be kept restricted until most users are updated with a fix.

The Stable and Extended stable channels have been updated to 116.0.5845.96 for Mac and Linux and 116.0.5845.96/.97 for Windows, which will roll out over the coming days/weeks.

| CVE ID | Issue Description | Severity |
| --- | --- | --- |
| CVE-2023-2312 | Use after free in Offline | High |
| CVE-2023-4349 | Use after free in Device Trust Connectors | High |
| CVE-2023-4350 | Inappropriate implementation in Fullscreen | High |
| CVE-2023-4351 | Use after free in Network | High |
| CVE-2023-4352 | Type Confusion in V8 | High |
| CVE-2023-4353 | Heap buffer overflow in ANGLE | High |
| CVE-2023-4354 | Heap buffer overflow in Skia | High |
| CVE-2023-4355 | Out of bounds memory access in V8 | High |
| CVE-2023-4356 | Use after free in Audio | Medium |
| CVE-2023-4357 | Insufficient validation of untrusted input in XML | Medium |
| CVE-2023-4358 | Use after free in DNS | Medium |
| CVE-2023-4359 | Inappropriate implementation in App Launcher | Medium |
| CVE-2023-4360 | Inappropriate implementation in Color | Medium |
| CVE-2023-4361 | Inappropriate implementation in Autofill | Medium |
| CVE-2023-4362 | Heap buffer overflow in Mojom IDL | Medium |
| CVE-2023-4363 | Inappropriate implementation in WebShare | Medium |
| CVE-2023-4364 | Inappropriate implementation in Permission Prompts | Medium |
| CVE-2023-4365 | Inappropriate implementation in Fullscreen | Medium |
| CVE-2023-4366 | Use after free in Extensions | Medium |
| CVE-2023-4367 | Insufficient policy enforcement in Extensions API | Medium |
| CVE-2023-4368 | Insufficient policy enforcement in Extensions API | Medium |
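
Because the rollout is staged over days or weeks, a fleet can be checked against the fixed builds named above. The following is an added example, not part of the original article or any Google tooling; the host names, inventory rows and status labels are constructed assumptions.

```python
import re

# Fixed builds as stated in the article (Stable and Extended stable channels).
# Windows shipped as .96/.97, so .96 is the minimum patched build there too.
FIXED_BUILD = {
    "mac": (116, 0, 5845, 96),
    "linux": (116, 0, 5845, 96),
    "windows": (116, 0, 5845, 96),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of free text such as `--version` output."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def assess(host, platform, version_text):
    """Return (host, status); compares numerically, never as strings."""
    floor = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return host, "unknown"  # unparseable output or unlisted platform: investigate
    return host, "patched" if version >= floor else "needs-update"


def audit(inventory):
    """Map each host in the inventory to its patch status."""
    return dict(assess(*row) for row in inventory)


# Constructed sample inventory: (host, platform, reported version string).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 116.0.5845.97"),
    ("ws-002", "windows", "Google Chrome 115.0.5790.171"),
    ("mb-003", "mac", "Google Chrome 116.0.5845.96 "),
    ("lx-004", "linux", "Google Chrome 116.0.5845.100"),  # a string compare would rank this below .96
    ("lx-005", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
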
