All Chrome users should take the time to update to version 109.0.5414.119/.120. With the update, Google closes 4 security gaps, 2 of which are considered highly dangerous. The update is quick to install.
A user and experts found new vulnerabilities in Chrome and reported them to Google. Google reacted immediately and incorporated the patches into a new version. The official stable build is 109.0.5414.119/.120 for Windows and 109.0.5414.119 for Mac and Linux.
Two serious vulnerabilities
The first vulnerability (CVE-2023-0471) was found in WebTransport, the client-server transmission module. The second (CVE-2023-0472) is in the WebRTC interface, which is used for real-time communication, for example with a microphone or webcam. Google classifies both vulnerabilities as “high” and also describes them in detail in the CVEs. The reporters received $16,000 and $3,000 from the Google Bug Bounty program for reporting the vulnerabilities. At $16,000, the reward for the WebTransport bug (CVE-2023-0471) is notably high.
Quick Chrome update
Users only have to restart the browser to apply the update or, even easier, select Settings > Help > About Google Chrome. The browser's information page then opens. If the update has not been installed yet, Chrome now installs it automatically.
- High CVE-2023-0471: Use after free in WebTransport. 2022-10-19
- High CVE-2023-0472: Use after free in WebRTC. 2023-01-06
- Medium CVE-2023-0473: Type Confusion in ServiceWorker API. 2023-01-03
- Medium CVE-2023-0474: Use after free in GuestView. 2022-12-14
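
For administrators who want to check many machines against the fixed build named above, the following is an added example, not part of the original article. The host names and version strings are constructed sample data, and the script assumes that any build numerically at or above 109.0.5414.119 carries the fixes.

```python
import re

# Lowest fixed stable build named in the article (Windows may also report .120).
FIXED_BUILD = (109, 0, 5414, 119)

# Constructed sample inventory: (host, raw text reported for the browser version).
INVENTORY = [
    ("ws-01", "Google Chrome 109.0.5414.120"),
    ("ws-02", "Google Chrome 109.0.5414.75"),
    ("mac-01", "Google Chrome 109.0.5414.119"),
    ("lin-01", "Google Chrome 108.0.5359.124 "),
    ("lin-02", "Google Chrome 110.0.5481.77"),
    ("kiosk-01", "chrome: command not found"),
]

# Chrome versions have four dotted numeric components.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Compare numerically: as strings, '...5414.75' sorts after '...5414.119'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no version reported; check the host by hand
    return "patched" if version >= FIXED_BUILD else "needs-update"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(raw) for host, raw in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```
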