In a recent update, Google has addressed four high-severity vulnerabilities in the Chrome browser. The latest version, 114.0.5735.198 for Mac and Linux, and 114.0.5735.198/199 for Windows, brings fixes for these security issues. Users can expect the update to roll out gradually over the next few days and weeks.
One of the high-severity vulnerabilities, known as CVE-2023-3420, was reported by Man Yue Mo of the GitHub Security Lab. This bug, labeled as “Confusion in V8 issue,” allowed an external researcher to identify a potential security threat. As a result, Mo was awarded a $20,000 bug bounty from Google for helping to uncover this vulnerability.
Another high-severity vulnerability, identified as CVE-2023-3421, allows for free media usage and was reported by Piotr Bania of Cisco Talos. Bania received a $10,000 bug reward from Google for his contribution in discovering this flaw.
The third high-severity vulnerability, CVE-2023-3422, was discovered by an individual named Asnine and allows for free usage in guest view. This vulnerability received a bug reward of $5,000 from Google.
Google highlighted the tools and techniques used to discover these vulnerabilities, including libFuzzer, AFL, Control Flow Integrity, AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer. These tools play a crucial role in identifying and resolving security flaws within the Chrome browser.
The release notification from Google mentioned that the stable and extended stable channels have been updated to version 114.0.5735.198 for Mac and Linux, and version 114.0.5735.198/199 for Windows. This update will be gradually rolled out to users in the upcoming days and weeks.
It is important to note that Google Chrome offers several different release channels to cater to the diverse needs of its users. These channels range from the daily Canary channel builds, which are highly experimental and unstable, to the stable channel releases that occur approximately every six weeks.
While it is possible to run multiple channels concurrently, it is advised to create a backup of your profile, including bookmarks, frequently viewed pages, history, and cookies, before switching to a different channel. This precaution ensures that your updated profile data remains compatible with the earlier version in case you decide to switch back to a more stable channel.
Overall, the recent Chrome security update provides users with the necessary fixes for four high-severity vulnerabilities. By addressing these issues promptly, Google ensures the continued security and protection of its users while browsing the internet. It is recommended that all Chrome users update to the latest version to benefit from these security enhancements.