Google has published the Chrome web browser in version 115. The developers fixed 20 vulnerabilities.
The Google developers do not give details in the according announcement. However, they provide a rough indication of vulnerabilities that external IT researchers have reported. This time there were only eleven of the gaps. Of these, Google classifies four as high risk, six as medium risk and one as low risk for users.
Google Chrome: High-Risk Vulnerabilities
Two use-after-free vulnerabilities affect the WebRTC component for real-time communication between computers (CVE-2023-3727, CVE-2023-3728; both still without CVSS value, risk high according to Google). With this type of vulnerability, the program code incorrectly accesses resources after they have been released, the previous memory areas of which are then filled with undefined content. This can often lead to the execution of injected malicious code.
A similar gap also affects the tab groups (CVE-2023-3730, still without CVSS value, high). A vulnerability in the Mojo component also allows memory accesses outside the reserved bounds (CVE-2023-3732, no CVSS, high).
Google Chrome: Check current status
Whether the version used on the computer is already up to date can be checked by clicking on the Chrome menu - which is hidden to the right of the address bar behind the symbol with three vertically stacked dots -, from there to Help - Check via Google Chrome.
The dialog shows the version currently in use, starts downloading and installing the update if necessary, and then prompts you to restart your browser.