Google Chrome 113.0.5672.126/.127 available

Google has released an update for the Chrome web browser. The update fixes one critical security vulnerability. It allows attackers to inject and execute malicious code.

The update includes corrections that seal twelve security gaps, Google writes in the release blog. At least one of the vulnerabilities is critical, four pose a high security risk and Google developers classify one as a medium threat.

The most serious vulnerability that the new browser version fixes is a "Use after free" vulnerability in the navigation component. The program code incorrectly accesses resources that have already been released, the content of which is therefore undefined and possibly contains or references malicious code. In the CVE entry, the developers explain that it is a case of memory scrambling on the heap that attackers possibly can abuse by means of a manipulated website (CVE-2023-2721, risk critical).

Of the high-risk vulnerabilities listed, three are also "Use after free" vulnerabilities, in the Autofill-UI, DevTools, and Guest-View components (CVE-2023-2722, CVE-2023-2723, CVE-2023-2725, high risk). A type confusion error can occur in the JavaScript engine V8, in which the data types used do not match and unintended memory areas can therefore be accessed unintentionally (CVE-2023-2724, high).

The bugs fix Chrome versions 113.0.5672.121 for iOS, 113.0.5672.126 for Linux and Mac, and 113.0.5672.126/.127 for Windows. Meanwhile, Google has upgraded the Extended Stable version of the web browser for Mac and Windows to version 112.0.5615.204.

Whether the version used on the computer is already up to date can be checked by clicking on the Chrome menu - which is hidden to the right of the address bar behind the symbol with three vertically stacked dots -, from there to Help - Check via Google Chrome.

The dialog shows the version currently in use, starts downloading and installing the update if necessary, and then prompts you to restart your browser.

Google last updated the Chrome web browser two weeks ago, fixing 15 security vulnerabilities.