Chrome 123.0.6312.86/.87 for Windows available

Google's developers have fixed seven security vulnerabilities in the web browser.

Google programmers have sealed seven vulnerabilities in the Chrome web browser. They classify at least one of them as a critical risk. Anyone who uses Chrome should therefore quickly ensure that they are using the latest software version. Chrome is now also available as an optimized version for Windows on Arm.

The according Chrome Releases Blog, Google developers provide information on four of the seven security vulnerabilities. Three were apparently tracked down internally, so Google is withholding all information about them for the time being. Of the four security leaks found externally, the developers classify one as critical and three as high risk.

A use-after-free vulnerability affects Chrome's Angle component, which serves as the WebGL engine. The program code uses resources after they have already been released. This allows access to memory areas with undefined content and can often be misused to smuggle in and execute malicious code. This seems to require hardly any user interaction and can be easily abused with manipulated websites, which led Google to classify the threat level as critical (CVE-2024-2883, no CVSS value, risk critical).

Two use-after-free vulnerabilities affect the Dawn component (CVE-2024-2885, no CVSS value, risk high) and WebCodecs (CVE-2024-2886, no CVSS value, risk high). In WebAssembly, however, type confusion can occur where the data types to be processed do not match those in the program code, which also potentially allows unauthorized access to memory areas (CVE-2024-2887, no CVSS value, risk high).

The versions that have fixed these security vulnerabilities are Google Chrome 123.0.6312.80 for Android, 123.0.6312.86 for Linux and 123.0.6312.86/.87 for macOS and Windows. The extended stable version is still in the 122 version branch, where 122.0.6261.148 is now current under macOS and Windows.

Update Your Version

You can find out whether the current version is already active on your computer using the Chrome version dialog. This can be opened by clicking on the settings menu, which is located behind the symbol with the three vertically stacked dots to the right of the address bar. It can be found there under HelpAbout Google Chrome.

about author