Google’s latest web browser update fixes 11 vulnerabilities, with at least five rated as high.
Chrome updates follow one another and sometimes look alike. After hastily rolling out a massive security update to fix a zero-day flaw earlier this month, Google has just released a new update that fixes no fewer than 11 security flaws. Numbered 103.0.5060.134, this new version of Google Chrome has been deployed on Windows, macOS and Linux.
Although Google does not mention the vulnerabilities discovered internally by its teams, the company has disclosed the six that were found by security researchers outside of Google. Of these six vulnerabilities, five are rated high risk, and five are of the use-after-free type.
Google, which pays external researchers when they discover vulnerabilities in Chrome, has paid several thousand dollars to reward them. For example, one of the researchers received 16,000 dollars for his discovery, while the others respectively obtained 7,500, 7,000 and 3,000 dollars for the flaws they discovered.
Use-after-free vulnerabilities result from incorrect use of dynamic memory while an application is running: attackers exploit a memory location that was mistakenly freed to mount their attack. They use it, for example, to remotely execute arbitrary code on the system (in particular to install malware) or quite simply to make it crash.
On its blog dedicated to Chrome security updates, Google gives few details about the various security vulnerabilities found. The Mountain View firm explains that it restricts access to detailed information about these vulnerabilities until the majority of users have updated Chrome to the most recent version.
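The use-after-free mechanism described above, as an added example that is not Chrome code and not from the original article: a small object pool in which a freed slot is reused, shown with an unchecked lookup beside a generation-checked one that rejects the stale reference. All names (`Session`, `pool_alloc`, `make_stale` and so on) are hypothetical, and the pool uses static storage so the stale read stays well-defined C.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#define POOL_SLOTS 4
typedef struct { char owner[16]; int privileged; } Session;
typedef struct { Session obj; uint32_t gen; int in_use; } Slot;
typedef struct { uint32_t index; uint32_t gen; } Handle;
static Slot pool[POOL_SLOTS]; /* static storage, so stale reads are defined C */
/* Take the first free slot; the handle records the slot's generation. */
Handle pool_alloc(const char *owner, int privileged) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        snprintf(pool[i].obj.owner, sizeof pool[i].obj.owner, "%s", owner);
        pool[i].obj.privileged = privileged;
        return (Handle){ i, pool[i].gen };
    }
    return (Handle){ POOL_SLOTS, 0 }; /* pool exhausted: invalid index */
}

/* Freeing bumps the generation, invalidating every handle issued earlier. */
void pool_free(Handle h) {
    if (h.index >= POOL_SLOTS || pool[h.index].gen != h.gen) return;
    pool[h.index].in_use = 0;
    pool[h.index].gen++;
}

/* Models a raw dangling pointer: no check that the object is still live. */
Session *raw_lookup(Handle h) { return &pool[h.index].obj; }
/* Hardened lookup: returns NULL once the slot has been freed or reused. */
Session *checked_lookup(Handle h) {
    if (h.index >= POOL_SLOTS) return NULL;
    Slot *s = &pool[h.index];
    return (s->in_use && s->gen == h.gen) ? &s->obj : NULL;
}

/* Constructed scenario: guest object freed, its slot reused by an admin one. */
Handle make_stale(void) {
    memset(pool, 0, sizeof pool);
    Handle guest = pool_alloc("guest", 0);
    pool_free(guest);
    pool_alloc("admin", 1);
    return guest; /* reference still held by buggy code after the free */
}

int main(void) {
    Session *s = raw_lookup(make_stale());
    printf("raw: owner=%s privileged=%d\n", s->owner, s->privileged);
    printf("checked: %s\n", checked_lookup(make_stale()) ? "accepted" : "rejected");
}
```

The unchecked lookup silently reads the new occupant of the slot, which is the confusion a use-after-free creates; the generation check turns the same stale reference into a detectable error.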
Source: ZDNet