Chrome update 111.0.5563.111 for Windows and other platforms available.

Google has patched eight vulnerabilities in the updated version of the Chrome web browser. Attackers could smuggle in malicious code through the vulnerabilities, for example with manipulated websites or PDF files.

The Chrome Releases blog offers few details about the gaps. The manufacturer provides brief summaries of the vulnerabilities reported by external IT security researchers. Of the eight vulnerabilities, seven were found by external IT researchers, and the Google developers rate their risk as high.

Vulnerability CVE-2023-1528 allowed remote attackers to execute malicious code - with compromised websites after rendering process compromised due to use-after-free vulnerability. Likewise, attackers with manipulated websites and PDF files in Chrome's PDF module could have abused a use-after-free vulnerability to inject malicious code (CVE-2023-1530).

Google's Project Zero has reported two vulnerabilities affecting the GPU video and Angle components. Other high-risk vulnerabilities were also found in WebHID and WebProtect. Chrome users should ensure that they are using the latest version to avoid becoming a victim of attacks.

The current Chrome versions are 111.0.5563.115/.116 for Android, 111.0.5563.101 for iOS, 111.0.5563.110 for Linux and Mac, and 111.0.5563.110/.111 for Windows. Google have also pushed the extended stable version of Chrome for Mac and Windows to the status 110.0.5481.208.

Whether the version used on the computer is already up to date can be checked by clicking on the Chrome menu - which is hidden to the right of the address bar behind the symbol with three vertically stacked dots -, from there to Help - Check via Google Chrome.

The dialog shows the version currently in use, starts downloading and installing the update if necessary, and then prompts you to restart your browser.

Linux users typically need to go to their distribution's software manager to check for updated packages.

Since the vulnerabilities also affect the underlying Chromium project, web browsers based on it, such as Microsoft's Edge, should soon follow suit with updated versions.