Chrome 117.0.5938.149/.150 for Windows and other platforms available
The update fixes a high-threat vulnerability.
Google seems to be back on track with weekly updates for the Chrome web browser. On Wednesday night this week, the manufacturer released an update that is intended to eliminate a high-risk security vulnerability.
The error description remains brief as usual. The vulnerability is of type confusion, where data types do not match those expected in the program code, potentially accessing memory areas outside of intended limits and, in some cases, executing malicious code. The JavaScript engine V8, which is also used in the Chromium project, is affected (CVE-2023-5346, no CVSS classification, Google's assessment of the risk is high). The vulnerability is apparently not yet being exploited in the wild, as Google does not write anything about this in the according Chrome Releases announcement.
The secured browser versions are Google Chrome 117.0.5938.153 for Android, 117.0.5938.149 for Linux and Mac and 117.0.5938.149/.150 for Windows. In Android, the update search can be initiated in the Google Play Store; in Linux, the distribution's own software management is responsible for this. In Windows, clicking on the symbol with the three stacked dots to the right of the address bar and then via Help to About Google Chrome leads to the version dialog.
It displays the current version and starts the update process if necessary. At the end it finally asks you to restart the browser to activate the changes. Other providers such as Microsoft with the Edge browser, which rely on the Chromium project, are also expected to offer an updated browser version shortly. IT managers and users should also check whether they are already using the current version.
Only a week ago, Google patched ten vulnerabilities in Chrome with an update. One of them was a zero-day vulnerability and has already been exploited.