Google has released Chrome web browser version 112. The developers fixed 16 vulnerabilities and classified some of these as high-risk. Chromium-based browsers should follow suit soon.

Google provides descriptions of externally reported vulnerabilities, but threat classifications are not known for all fixed vulnerabilities. Google's developers classified at least two of the vulnerabilities as high risk, nine with a medium threat, and a low risk in three other vulnerabilities.

Attackers could execute code

One of the two high-risk vulnerabilities is known to be a heap-based buffer overflow in the renderer process (CVE-2023-1810, no CVSS yet, "high" risk). The other high-risk vulnerability is based on a use-after-free vulnerability in the frames component of the browser, through which an already freed resource is reused and therefore undefined content can be executed (CVE-2023-1811, not yet CVSS, high). These vulnerabilities could potentially be exploited by attackers with carefully crafted websites to execute foisted code.

The current versions 112.0.5615.47/.48 for Android, 112.0.5615.46 for iOS, 112.0.5615.49 for Linux and Mac and 112.0.5615.49/50 for Windows fix the vulnerabilities. Google distributes them automatically over the coming days. However, due to the risk posed by the vulnerabilities, Chrome users should check promptly whether they are using the current version.

Whether the version used on the computer is already up to date can be checked by clicking on the Chrome menu - which is hidden to the right of the address bar behind the symbol with three vertically stacked dots -, from there to Help - Check via Google Chrome.

The dialog shows the version currently in use, starts downloading and installing the update if necessary, and then prompts you to restart your browser.

About two weeks ago, they had already fixed eight vulnerabilities in Google Chrome.