New Google Chrome update fixes high-risk vulnerability
Attackers can abuse the vulnerability with manipulated websites in order to inject malicious code.
In the weekly update for the Chrome web browser, the developers have closed a security vulnerability that they classify as high risk. Remote attackers can abuse the vulnerability, for example with manipulated websites, in order to inject malicious code. Users should make sure that the current version of the browser is already active.
The flaw is a use-after-free vulnerability in the MediaStream component of the browser. Manipulated HTML pages can cause memory corruption on the heap. Such vulnerabilities can often be exploited to execute injected malicious code (CVE-2023-472, no CVSS score, risk: high).
The fixed version number differs by platform. On Android, the version number is now 116.0.5845.163, while the new version for Apple's iOS is 116.0.5845.146. If you use Linux or macOS, you should use version 116.0.5845.140. According to the release announcement, Google Chrome 116.0.5845.140/.141 is free of the vulnerability for Windows users.
To check whether the current version is already running, users can open the version dialog. To do so, click the browser menu, which is hidden behind the icon with the three stacked dots to the right of the address bar, and then go to Help - About Google Chrome. The dialog shows the currently running version and, if necessary, starts the update process. Finally, it prompts you to restart the browser so that the new, secure code runs. If you use Linux, you should start the distribution's software management to install the update.
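For administrators who need to check many machines rather than one dialog, the following is an added example (not from the article or from Google) that compares reported Chrome versions against the fixed versions listed above. The inventory format, host names and sample versions are constructed for illustration, and for Windows the lower of the two listed versions is used as the threshold.

```python
import re

# Fixed versions per platform, as stated in the article.
FIXED = {
    "android": "116.0.5845.163",
    "ios": "116.0.5845.146",
    "linux": "116.0.5845.140",
    "macos": "116.0.5845.140",
    "windows": "116.0.5845.140",  # article lists .140/.141 for Windows
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part version, e.g. from 'Google Chrome 116.0.5845.140'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    have = parse_version(reported)
    if fixed is None or have is None:
        return "unknown"  # unlisted platform or unparsable version: check by hand
    # Compare as integer tuples. Comparing the raw strings would rank
    # '116.0.5845.96' above '116.0.5845.140' and hide a vulnerable host.
    return "patched" if have >= parse_version(fixed) else "vulnerable"

# Constructed inventory: host,platform,reported version string
INVENTORY = """\
ws-01,linux,Google Chrome 116.0.5845.140
ws-02,linux,Google Chrome 116.0.5845.96
ws-03,windows,116.0.5845.141
ph-01,android,116.0.5845.114
mac-01,macos,Google Chrome 117.0.5938.62
kiosk,chromeos,unknown build
"""

def audit_inventory(csv_text):
    """Map each host in the inventory to its audit status."""
    results = {}
    for line in csv_text.splitlines():
        if line.strip():
            host, platform, reported = line.split(",", 2)
            results[host] = audit(platform, reported)
    return results

if __name__ == "__main__":
    for host, status in audit_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```
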
With last week's Chrome update, the developers closed five security vulnerabilities, some of which were classified as high risk.