Google Chrome 109 point release fixes 6 security issues
Google published a new version of its Google Chrome Stable web browser for all supported desktop operating systems. The new Chrome 109 point release addresses six different security issues in the browser.
Chrome 109 Security update
The security update is available already and it should be downloaded and installed on most systems with Google Chrome automatically. Some users and administrators may want to speed up the installation to protect the browser against potential exploits that target these vulnerabilities.
The best way to do that is to load chrome://settings/help in the browser's address bar. Chrome checks for updates when the page opens. Any update that it finds is downloaded and installed. A restart of the browser is required before the changes take effect.
The following versions should be displayed on the page after the update has been installed:
- Chrome for Mac and Linux: 109.0.5414.119
- Chrome for Windows: 109.0.5414.119 or 109.0.5414.120
Google mentions that the update includes six security fixes. The company reveals four of them on the official Chrome Releases blog. Security issues that Google discovers internally are never revealed to the public.
Two of the security issues have a severity rating of high, second only to critical. The other two security issues have a rating of medium:
- [$16000] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [$3000] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [$7500] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [$TBD] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
The issues do not appear to be exploited in the wild at the time of writing, as Google mentions it in the blog post when that is the case usually.
Google published an update for the Chrome Extended Stable channel as well, but makes no mention of any security issues fixed in the release. It is unclear if the release is also a security update because of that.
Chrome 109 is the last version that supports Windows 7 and Windows 8.1. The update to the Chrome 109 point release is still supported. Support ends with the release of Chrome 110 in February 2023.
Other Chromium-based browsers may be affected by the security issues as well. Expect updates in the coming days and weeks, if that is the case.
Now You: when do you update your browsers?