Google Chrome version 117.0.5938.132 for Windows, Mac, and Linux has been set to release with multiple bug fixes and features. As per Google, this new version will be rolled out in a few weeks or days.
Previously, Google has fixed multiple vulnerabilities in Chrome version 117.0.5938.62, which were associated with Insufficient policy enforcement, Inappropriate Implementation of Prompts, Inputs, Intents, and much more.
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Google Chrome Zero-day
As per the release from Google Chrome, 10 security fixes were issued along with three high-severity vulnerabilities as part of this release. The vulnerabilities were CVE-2023-5217, CVE-2023-5186, and CVE-2023-5187. The severity of these vulnerabilities is being analyzed for categorization by the National Vulnerability Database (NVD).
However, CVE-2023-5217 is known to have been exploited in the wild. This was a Heap buffer overflow vulnerability that existed in the vp8 encoding in libvpx. Google provided no further information about this vulnerability.
CVE-2023-5186 was a Use-after-free condition in the Passwords, and CVE-2023-5187 was another Use-after-free condition in Extensions of Google Chrome.
Proof of concept is not yet publicly available for these vulnerabilities. However, as for the rewards, CVE-2023-5187 has been rewarded with $2000, whereas the other two vulnerabilities’ reward details were yet to be released by Google. In addition to this, several internal audits and fuzzing-related fixes were also done as part of this release.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.” reads the security release by Google.
Users of Google Chrome are recommended to upgrade to the latest version of Google Chrome to prevent these vulnerabilities from getting exploited by threat actors.