Google has released an updated version of the Chrome web browser. In the new version, the developers fixed security leaks classified as high risk. Users should ensure that they are using the bug-fixed browser version.

In the Chrome Releases blog, Google's developers write that the update contains four security fixes. To protect users, Google, as usual, does not reveal any details about the vulnerabilities and, in the case of vulnerabilities reported by external IT security researchers, only roughly summarizes which components are affected.

Chrome update fixes four vulnerabilities

Of the four vulnerabilities, Google only explains three, all of which are considered high-risk. One vulnerability is a type confusion vulnerability in the V8 Java Script engine (CVE-2023-3420, no CVSS value yet, high risk). With this type of vulnerability, the data types actually used do not match the intended ones, which means that access to memory areas outside the intended limits is possible.

The programmers have also corrected a use-after-free vulnerability in the Media and Guest View components (CVE-2023-3421, CVE-2023-3422, no CVSS values, high risk). The program code accesses resources after they have already been released. As a result, their status is undefined. This usually leads to a crash, but can often be misused by attackers to smuggle in and execute malicious code.

The corrected versions of Chrome are 114.0.5735.196 for Android, 114.0.5735.198 for Linux and Mac, and 114.0.5735.198/199 for Windows.

If you use Chrome, you should make sure to use the new versions of the browser.

Since the vulnerabilities in the Chromium project also affect other web browsers based on it, such as Microsoft Edge, a security update should also be available for these browsers shortly. Users of these web browsers should also apply the update quickly.

Google just recently released a Chrome update about two weeks ago. The programmers had fixed a vulnerability in the Chrome web browser that had been classified as critical.