Updates Google Chrome 118.0.5993.70/.71 for Windows and other platforms available

Google has released the weekly Chrome updateWith the weekly security update, Google's developers correct 20 security-related errors in the Chrome web browser. The programmers classify at least one of the security holes as a critical risk.

Google briefly indicates in the according version announcement what the vulnerabilities are. Brief information is only available on 14 of the 20 leaks because they were reported by external IT security researchers. Of these, Google employees classify one as critical, eight as medium risk and five as low threat.

The most serious vulnerability affects Chrome's site isolation component. This allows attackers to abuse a use-after-free vulnerability to apparently execute malicious code (CVE-2023-5218, no CVSS value, risk critical). With this type of vulnerability, the program code accesses already shared resources such as pointers or memory areas, which attackers can often exploit to execute injected code. The loopholes are apparently not yet being abused in the wild.

The vulnerabilities are corrected in versions Google Chrome 118.0.5993.65 for Android, 118.0.5993.69 for iOS, 118.0.5993.70 for Linux and Mac and 118.0.5993.70/.71 for Windows. Under Linux, the distribution's own software management brings the web browser up to date; for mobile devices, the respective app stores are responsible for this. Otherwise, the route leads via the settings menu, which can be found behind the symbol with the three stacked dots to the right of the address bar, and then via Help - About Google Chrome to the version dialog.