Google Chrome 119.0.6045.159/.160 for Windows available
The update fixes four security vulnerabilities with at least two of which are considered high-risk.
Google's developers have closed four security holes in the updated version of the Chrome web browser that has now been published. At least two of them are considered high risk by the manufacturer.
For example, with manipulated websites, attackers can probably inject and execute malicious code - but Google does not name the specific effects or triggers.
The Chrome Releases blog provides information for two of the vulnerabilities. Accordingly, two were found internally, about which the company is initially withholding any information.
One of the vulnerabilities affects Chrome's garbage collection. Under circumstances that are not explained, it accesses resources that were previously released in the program flow - a use-after-free gap. Attackers can often misuse these to inject and execute malicious code (CVE-2023-5997, no CVSS yet, risk high according to Google). A second vulnerability concerns the navigation of the browser. Attackers can abuse such a use-after-free vulnerability in ways that are not explained (CVE-2023-6112, no CVSS, high).
The versions Google Chrome 119.0.6045.163 for Android, 119.0.6045.169 for iOS, 119.0.6045.159 for Linux and macOS as well as 119.0.6045.159/.160 for Windows no longer contain the listed errors. Google's developers have updated the extended stable version of Chrome to 118.0.5993.144 for macOS and Windows, but without naming the changes.
To ensure that the browser is already running in the latest version, just click on the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help - About Google Chrome.
The version dialog shows the currently running version of the browser and starts the update process if available. At the end, the dialog prompts you to restart the web browser.