Google this week is rolling out security fixes for Chrome users across desktop and mobile platforms, addressing at least two high-risk weaknesses that could compromise users’ security.
In what is basically a security maintenance effort, Chrome 119.0.6045.159 for Mac and Linux and 119.0.6045.159/.160 for Windows don’t bring much oomph in terms of features or new functionality. Instead, the updates focus on security holes recently discovered in the world’s most popular web browser – including two serious enough to warrant an emergency patch.
The flaws, tracked as CVE-2023-5997 and CVE-2023-6112, are described as “use after free” issues in Garbage Collection and Navigation, respectively. Google is awarding a $10,000 bug bounty to the “Anonymous” reporters of the first weakness.
Google designates the risk factor associated with these vulnerabilities as high.
In a use-after-free (UAF) scenario, a program keeps using dynamic memory after it has been freed. A motivated attacker could abuse this incorrect memory use during program operation to run malicious code on the target system.
There are no reports of anyone actively exploiting these bugs, but this doesn’t mean you should put off updating your Chrome browser – especially on desktop, where updating is as simple as letting Chrome fetch the new version and relaunching the app.
Google consistently plugs these types of security holes with systematic maintenance releases of its widely adopted web-surfing app, keeping users safe from threat actors taking advantage of the weaknesses.
Chrome for Android, updated to version 119.0.6045.163, contains the same fixes as its desktop counterpart.
Chrome for iOS includes the usual “stability and performance improvements,” with no mention of serious bugs addressed for Apple customers – certainly not the two described above.
If you’re a Chrome user, always make these updates a priority – especially when Google marks the addressed flaws as high risk.
Consider using a dedicated security solution on both your computer and your phone to fend off the wider palette of threats making the rounds.
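To check a set of machines against the fixed builds named above, the following Python script (an added example, not code from Google or the original article) flags inventory records whose Chrome build is older than the patched version for their platform. The host names and sample version strings are constructed, the function names are hypothetical, and the script assumes builds later than the fixed ones retain the fixes.

```python
import re

# Fixed builds as stated in the article. iOS is omitted because the article
# reports no mention of these two fixes for that platform.
FIXED = {
    "mac": (119, 0, 6045, 159),
    "linux": (119, 0, 6045, 159),
    "windows": (119, 0, 6045, 159),  # shipped as .159/.160
    "android": (119, 0, 6045, 163),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part Chrome version from text such as --version output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Integer tuples compare component by component. Comparing the raw
    # strings would wrongly rank build .99 above build .159.
    return "patched" if version >= fixed else "needs_update"

# Constructed sample inventory: (host, platform, reported version text).
SAMPLE_INVENTORY = [
    ("host-a", "linux", "Google Chrome 119.0.6045.159"),
    ("host-b", "windows", "Google Chrome 119.0.6045.124"),
    ("host-c", "mac", "Google Chrome 119.0.6045.99"),
    ("host-d", "android", "119.0.6045.159"),
    ("host-e", "ios", "119.0.6045.169"),
    ("host-f", "linux", "not installed"),
]

def audit(inventory):
    """Map each host to its assessment."""
    return {host: assess(platform, text) for host, platform, text in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Records reported as `unknown` (an unlisted platform or an unparseable version) need manual follow-up rather than being treated as patched.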