Many highly dangerous vulnerabilities have again been found via Chrome's bug bounty program. The current Chrome update to version 115.0.5790.98/99 closes 20 security holes - 4 of them are considered "highly dangerous"
The current Chrome update contains a total of 20 updates, including 4 updates for high-risk vulnerabilities. In companies, the admins ensure that Chrome remains up to date. Individual companies and SMEs should definitely click in the help area - the further update happens automatically. Work PCs often run through and as long as the browser is not closed and reopened, no update will happen!
Chrome version 115.0.5790.98/99 closes gaps
Chrome 115.0.5790.98 (Linux and Mac), 115.0.5790.98/99 (Windows) includes a number of fixes and improvements - a list of changes is available below. While the update includes 20 security fixes, Google only lists the fixes that come via Chrome's bug bounty program.
Info according to Kaspersky: Use-After-Free (UAF) is a vulnerability related to improper use of dynamic memory during program operation. If a program does not delete the pointer to that memory after freeing a memory location, an attacker could exploit the flaw to hack the program.
- High CVE-2023-3727: Use-After-Free (UAF) in WebRTC.
- High CVE-2023-3728: Use-After-Free (UAF) in WebRTC.
- High CVE-2023-3730: Use-After-Free (UAF) in tab groups.
- High CVE-2023-3732: Out of bounds memory access in Mojo.
- Medium CVE-2023-3733: Improper implementation in WebApp installations.
- Medium CVE-2023-3734: Improper implementation in picture-in-picture.
- Medium CVE-2023-3735: Improper implementation in Web API permission prompts.
- Medium CVE-2023-3736: Improper implementation in custom tabs.
- Medium CVE-2023-3737: Improper implementation in notifications.
- Medium CVE-2023-3738: Improper implementation in Autofill.
- Low CVE-2023-3740: Insufficient validation of untrusted input in themes.
Trigger Chrome update
If the update is not triggered by a group policy, you should proceed as follows: Users only have to restart the browser for the update or, even easier, select Settings >Help >About Google Chrome. The information page for the browser then opens. If the update wasn't done yet, Chrome will now just do it automatically.
New Chrome version for iOS
Google also just released Chrome Stable 115 (115.0.5790.130) for iOS. It is available on the App Store. This version includes stability and performance improvements. An early update is recommended to the users.
More at GoogleBlog.com