Google Chrome 111 update fixes 8 security issues
Google released another security update for Chrome 111 that addresses security issues in the web browser. The new update is available for all desktop and mobile platforms.
The eight security issues have an aggregate severity rating of high, and include several use-after-free and out-of-bounds vulnerabilities. Google makes no mention of exploits in the wild, which suggests that these vulnerabilities were not being actively exploited at the time of writing.
Chrome users, at least those on the desktop, may want to update the browser to the latest version immediately to protect their systems against potential exploits.
Selecting Menu > Help > About Google Chrome displays the current version of the web browser. Chrome runs a check for updates when the page is opened, and it will download and install updates when it discovers them during the scan. A restart of the web browser is required to complete the process.
After the update is installed on the device, the browser should report one of the following versions:
- Chrome for Mac 111.0.5563.110
- Chrome for Linux 111.0.5563.110
- Chrome for Windows 111.0.5563.110 or 111.0.5563.111
- Chrome Extended for Windows and Mac: 110.0.5481.208
- Chrome for Android: 111.0.5563.115 or 111.0.5563.116
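For administrators who need to check more than one machine, the version list above can be turned into an inventory check. The following is an added example, not code from Google or from the original article; the inventory format, host names and the `platform`/`channel` labels are assumptions, and the sample records are constructed. It compares versions numerically, since a plain string comparison would rank 111.0.5563.64 above 111.0.5563.110, and it checks Extended Stable hosts against their own 110.x build.

```python
import re

# Lowest fixed build per platform and channel, taken from the list above.
FIXED = {
    ("mac", "stable"): "111.0.5563.110",
    ("linux", "stable"): "111.0.5563.110",
    ("windows", "stable"): "111.0.5563.110",
    ("android", "stable"): "111.0.5563.115",
    ("windows", "extended"): "110.0.5481.208",
    ("mac", "extended"): "110.0.5481.208",
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 111.0.5563.110'."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, channel, version_text):
    """True if the reported version is at or above the fixed build for that channel.

    Assumption: the inventory records the channel correctly, so an Extended
    Stable host on 110.x is not measured against the 111.x stable build.
    """
    fixed = parse_version(FIXED[(platform, channel)])
    return parse_version(version_text) >= fixed


def audit(inventory):
    """Return the hosts whose Chrome build predates the fixed version."""
    return [host for host, platform, channel, version in inventory
            if not is_patched(platform, channel, version)]


# Constructed sample inventory: (host, platform, channel, reported version text).
SAMPLE = [
    ("ws-01", "windows", "stable", "111.0.5563.111"),
    ("ws-02", "linux", "stable", "Google Chrome 111.0.5563.64"),
    ("ws-03", "mac", "extended", "110.0.5481.208"),
    ("ws-04", "windows", "stable", "110.0.5481.178"),
    ("ph-01", "android", "stable", "111.0.5563.116"),
]

if __name__ == "__main__":
    print("Hosts needing the update:", audit(SAMPLE))
```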
Chrome 111: the security issues
Google lists seven of the eight vulnerabilities on the Chrome Releases blog. The company does not reveal security issues that it discovered internally in its release announcements.
All seven of the publicly disclosed vulnerabilities have a severity rating of high:
- [$10000] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07
- [$8000] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27
- [$7000] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27
- [$TBD] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13
- [$NA] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03
- [$TBD] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07
- [$NA] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08
The next major version of Google Chrome will be released on March 29, 2023.