Google Chrome 109.0.5414.119/.120 for Windows available

Six vulnerabilities have been fixed in the web browser.

Google has released updates to the Chrome web browser. The updates for the different platforms fix six security-related vulnerabilities. Two of these are considered high-risk. Due to the severity of the vulnerabilities, attackers can use compromised websites to inject malicious code into a computer.

As usual, Google is reluctant to provide detailed information on the security-related errors that have been fixed. In total, however, the developers have closed six vulnerabilities, two of which represent a high risk and two a medium risk.

One vulnerability is in WebTransport, a client-server transmission module that supports HTTP/3, for example. The code uses resources after they have been released, at which point their contents are undefined. Such use-after-free vulnerabilities can often be abused to execute injected malicious code. According to the corresponding CVE entry, attackers could abuse this with manipulated HTML pages to provoke heap corruption.

The same type of error with the same attack vector and potential outcome affects the WebRTC interface, which is used for real-time communication using microphones and webcams, for example. Google classifies the vulnerability as high-risk (CVE-2023-0472).

Check version status

The current versions for Chrome are now 109.0.5414.119 for Linux and Mac, 109.0.5414.119/.120 for Windows, 109.0.5414.117/.118 for Android and 109.0.5414.112 for iOS.

Since the vulnerabilities appear to pose a greater threat, Chrome users should check whether they are already using the current version. To do this, they have to open the Chrome menu by clicking on the symbol with the three vertically stacked dots to the right of the address bar. The corresponding dialog can be found there under Help - About Google Chrome. It displays the installed version and, if that is not the current one, starts downloading and installing the update. Finally, the dialog indicates that the web browser needs to be restarted and offers this as an option.
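For administrators who need to run the same check across many machines, the following added example (not part of the original article or any Google tooling) compares reported Chrome version strings against the fixed builds listed above. The host names and inventory records are constructed, and treating the lower of the two Windows and Android builds as the baseline is an assumption.

```python
import re

# Minimum fixed builds per platform, taken from the article text above.
# Assumption: where two builds are listed, the lower one is the baseline.
FIXED = {
    "linux": (109, 0, 5414, 119),
    "mac": (109, 0, 5414, 119),
    "windows": (109, 0, 5414, 119),
    "android": (109, 0, 5414, 117),
    "ios": (109, 0, 5414, 112),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, reported):
    """Return 'patched', 'outdated' or 'unknown' for one inventory record."""
    baseline = FIXED.get(platform.strip().lower())
    version = parse_version(reported)
    if baseline is None or version is None:
        return "unknown"  # unlisted platform or unparseable version string
    # Tuples compare numerically, so build .99 sorts below .119
    # (a plain string comparison would get this wrong).
    return "patched" if version >= baseline else "outdated"

def audit(inventory):
    """Map each host to its status; records are (host, platform, version text)."""
    return {host: classify(platform, reported) for host, platform, reported in inventory}

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 109.0.5414.120"),
    ("ws-02", "Windows", "Google Chrome 109.0.5414.75"),
    ("dev-03", "Linux", "Google Chrome 109.0.5414.119 "),
    ("mac-04", "Mac", "Google Chrome 108.0.5359.124"),
    ("tab-05", "Android", "109.0.5414.117"),
    ("kiosk-06", "Windows", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" deserve a manual look, since a missing version string says nothing about whether the update has been installed.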

Since the vulnerabilities are usually also present in the underlying Chromium project, other web browsers based on it, such as Microsoft's Edge, should also get an update shortly.

Two weeks ago, Google released version 109 of the Chrome browser.

