Chrome 119 available

The Google developers have upgraded their Chrome web browser to version 119. In the updated version they fixed 15 vulnerabilities. In addition, the HTTPS upgrades mechanism is now active by default.

Of the 15 security vulnerabilities, 13 were reported by external IT researchers, so there is no information on two vulnerabilities. The programmers classify three vulnerabilities as high risk, eight as medium threat and two as low threat.

According to the version announcement, Google reports an inappropriate implementation in Payments (CVE-2023-5480, no CVSS value, risk high). Data was not sufficiently validated in the USB component (CVE-2023-5482, high) and an integer overflow could also occur in the USB code (CVE-2023-5849, high). Attackers could probably use manipulated websites to inject malicious code due to the vulnerabilities - Google does not provide any information about the possible effects of the vulnerabilities.

The developers also activated the HTTPS upgrades option in Chrome in mid-October. This ensures that URLs that are addressed unencrypted with http:// are first accessed with an encrypted https:// handler by default. The function has apparently been in testing since June, as a discussion of the function in Google Groups shows. If a remote device rejects https connections, Chrome automatically falls back to http connections. However, the HTTPS upgrades seem to be running so smoothly that they were rolled out as standard and no major problems have been reported so far.

To ensure that the browser is already running in the latest version, just click on the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help - About Google Chrome.

The version dialog shows the currently running version of the browser and starts the update process if available. At the end, the dialog prompts you to restart the web browser.