Google 116 released with 26 Security Bug Fixes

Google has released the latest version of its Chrome browser, addressing 26 vulnerabilities including eight critical flaws.

Chrome 116 covers updates for various bits of functionality including Offline, V8 engine, Device Trust Connectors, Fullscreen, Network, ANGLE and Skia.

Through these vulnerabilities’ identification and reporting, researchers have earned between $500 to $30000 USD. Access to bug details and links may be kept restricted until most users are updated with a fix.

The Stable and Extended stable channels have been updated to 116.0.5845.96 for Mac and Linux and 116.0.5845.96/.97 for Windows, which will roll out over the coming days/weeks.

CVE ID	Issue Description	Severity
CVE-2023-2312	Use after free in Offline	High
CVE-2023-4349	Use after free in Device Trust Connectors	High
CVE-2023-4350	Inappropriate implementation in Fullscreen	High
CVE-2023-4351	Use after free in Network	High
CVE-2023-4352	Type Confusion in V8	High
CVE-2023-4353	Heap buffer overflow in ANGLE	High
CVE-2023-4354	Heap buffer overflow in Skia	High
CVE-2023-4355	Out of bounds memory access in V8	High
CVE-2023-4356	Use after free in Audio	Medium
CVE-2023-4357	Insufficient validation of untrusted input in XML	Medium
CVE-2023-4358	Use after free in DNS	Medium
CVE-2023-4359	Inappropriate implementation in App Launcher	Medium
CVE-2023-4360	Inappropriate implementation in Color	Medium
CVE-2023-4361	Inappropriate implementation in Autofill	Medium
CVE-2023-4362	Heap buffer overflow in Mojom IDL	Medium
CVE-2023-4363	Inappropriate implementation in WebShare	Medium
CVE-2023-4364	Inappropriate implementation in Permission Prompts	Medium
CVE-2023-4365	Inappropriate implementation in Fullscreen	Medium
CVE-2023-4366	Use after free in Extensions	Medium
CVE-2023-4367	Insufficient policy enforcement in Extensions API	Medium
CVE-2023-4368	Insufficient policy enforcement in Extensions API	Medium