Version 109 of Google's Chrome web browser fixes 17 security vulnerabilities. The developers classify two of them as high-risk. Chrome users should check whether their version is up to date. The Google developers are also announcing new functionality and major efforts for the new version.
As usual, only limited information about the vulnerabilities fixed in the web browser is available for now, until a majority of users have received the update.
The developers classify two of the 17 vulnerabilities as high risk, eight as a medium threat and four as a low threat. For three of the vulnerabilities no information is available.
The first high-risk vulnerability is a use-after-free in Overview Mode (CVE-2023-0128), in which resources that have already been released, such as pointers or memory, are used again although their content is undefined. This can often be abused to execute injected code. The second high-risk vulnerability is in the Network Service, where a heap-based buffer overflow can occur (CVE-2023-0129). This, too, often allows attackers to inject and run code.
After the update, Chrome web browsers will have version numbers 109.0.5414.74 for Linux, 109.0.5414.87 for Mac, and 109.0.5414.74/.75 for Windows. There has not been a notification of an update for Android yet. At the same time, Google is raising the Extended Stable Release to version 108.0.5359.179 for Mac and Windows.
To check on Windows whether the installed Chrome version already contains the fixes, open the Chrome settings menu, which is behind the icon with the three stacked dots to the right of the address bar. At the bottom of the menu, go to Help and then click About Google Chrome.
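For more than a handful of machines, the same check can be run over inventory data. The following is an added example, not part of the original article: it compares reported version strings against the fixed builds listed above. The host names, the channel labels and the inventory rows are constructed; Android is reported as unknown because the article names no fixed Android build.

```python
import re

# Fixed builds as stated in the article, keyed by (platform, channel).
# For Windows the article lists .74/.75, so .74 is the minimum.
FIXED = {
    ("linux", "stable"): (109, 0, 5414, 74),
    ("mac", "stable"): (109, 0, 5414, 87),
    ("windows", "stable"): (109, 0, 5414, 74),
    ("mac", "extended"): (108, 0, 5359, 179),
    ("windows", "extended"): (108, 0, 5359, 179),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from free text, e.g. the
    output of `google-chrome --version`; return None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def status(platform, channel, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one install."""
    fixed = FIXED.get((platform.lower(), channel.lower()))
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuples compare numerically per field, so build 9 sorts below 74
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "outdated"

# Constructed sample inventory: (host, platform, channel, reported version).
INVENTORY = [
    ("ws-01", "windows", "stable", "109.0.5414.75"),
    ("ws-02", "windows", "stable", "108.0.5359.125"),
    ("mac-01", "mac", "stable", "Google Chrome 109.0.5414.74"),
    ("mac-02", "mac", "extended", "108.0.5359.179"),
    ("lnx-01", "linux", "stable", "Google Chrome 109.0.5414.74 "),
    ("and-01", "android", "stable", "108.0.5359.128"),
]

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(p, c, v) for host, p, c, v in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Note that mac-01 is flagged as outdated: build .74 is the fixed version for Linux and Windows, but the Mac fix is .87.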