Google released Chrome 113 security update with 12 security fixes
Google has just released an update for its Chrome web browser that addresses several security issues. Google Chrome 113 Stable and Google Chrome 112 Extended Stable fix 12 different security issues in the web browsers.
The new versions of Google Chrome are available already. Most Chrome installations will receive the update automatically, but some may need to be updated manually. Chrome users may want to update right away to protect against potential attacks that target one of the patched security issues.
To update Google Chrome manually, select Menu > Help > About Google Chrome from the main menu. Google Chrome displays the installed version, checks for updates and will install any new version of the web browser that it finds automatically. A restart is still required to complete the process.
The About Google Chrome page should list one of the following versions after the update:
- Chrome for Mac or Linux: 113.0.5672.126
- Chrome for Windows: 113.0.5672.126 or 113.0.5672.127
- Chrome Extended for Windows or Mac: 112.0.5615.204
These versions include the latest security patches for the browser.
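For administrators who collect version strings from managed machines, the following added example (not from Google or the original article) checks reported versions against the patched builds listed above. The hostnames and sample versions are constructed, and treating any milestone newer than 113 as patched is an assumption.

```python
# Patched builds as listed in the article, keyed by milestone (major version).
PATCHED_FLOORS = {
    113: (113, 0, 5672, 126),  # Stable: Mac, Linux, Windows (.126 or .127)
    112: (112, 0, 5615, 204),  # Extended Stable: Windows, Mac
}

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # report it instead of guessing
    major = version[0]
    if major > max(PATCHED_FLOORS):
        return "patched"  # assumption: later milestones carry these fixes
    floor = PATCHED_FLOORS.get(major)
    if floor is None:
        return "outdated"  # older milestone, not covered by this update
    return "patched" if version >= floor else "outdated"

def audit(inventory):
    """Map each host to its classification; inventory is {host: version}."""
    return {host: classify(v) for host, v in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "113.0.5672.127",
    "ws-02": "113.0.5672.92",
    "mac-07": "112.0.5615.204",
    "mac-08": "112.0.5615.165",
    "lab-03": "111.0.5563.147",
    "kiosk-1": "unknown build",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:8} {SAMPLE[host]:18} {status}")
```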
Chrome 113: the security fixes
Google published information about some of the vulnerabilities patched in the new Chrome version on its Chrome Releases blog.
The company publishes information about vulnerabilities reported by third-party researchers only. A total of six different security issues are listed on the page. The remaining six were discovered internally and are not disclosed.
- [$TBD] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10
- [$7000] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14
- [$3000] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21
- [$NA] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14
- [$TBD] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04
- [$1500] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03
One of the externally reported security issues has a severity of critical, the highest possible rating. There are four security issues with a high rating, and one with a medium rating. The critical issue is described as a "use after free in navigation".
Use-after-free vulnerabilities arise when a program continues to use dynamic memory after it has been freed. Exploits may lead to arbitrary code execution, data corruption or crashes. Three additional use-after-free issues were reported to Google by third-party researchers.
Google makes no mention of exploits in the wild that it is aware of. Chrome users may still want to update their browsers as soon as possible, and system administrators may also want to update Chrome installations under their management to prevent future attacks against these issues.
Expect other Chromium-based browsers to release updates to address shared issues in the coming days as well.
Also, they changed the font of letters to a new one that looks more like the web ver. of Chrome. I didn't like that change.
No font changes have been noticed here.
These “Use after free” vulnerabilities are all related to programmer errors, and “Type confusion” vulnerabilities are particularly nasty and dangerous. I would be hesitant to use a Chrome/chromium based browser with Google’s extremely high number of similar vulnerabilities the past 5 years, especially given how many of them have been actively exploited in the wild.
The weekly Andy Prough fact check, brought to you by Iron Heart who also wrote the last one:
> These “Use after free” vulnerabilities are all related to programmer errors
> I would be hesitant to use a Chrome/chromium based browser with Google’s extremely high number of similar vulnerabilities the past 5 years,
And I would be hesitant listening to walking Firefox ads and trolls like you who constantly lie by omission in order to promote FF. Blink and WebKit are the only relevant browser engines, I expect them to be the most attacked. As does anyone else. Firefox is not more secure. madaidan has an interesting article up about the actual state of FF’s security, have you read that one?
> especially given how many of them have been actively exploited in the wild.
Citation needed, many are internal findings.
Scaremongering nonsense. SpiderMonkey is not more secure either, rather the opposite is the case.
Do you spew similar nonsense on the Phoronix forums? I vaguely remember reading your trash there too, Mr. Pale Moon user (most secure browser out right now, this Pale Moon!).
Ah, a sweet letter from my dear old friend Iron Lung. I missed you too.
There’s a new version of Pale Moon out since yesterday, version 32.2.0, you should try it, website compatibility is now through the roof.
From your comments in the Pale Moon forum, I know that you can at times articulate yourself like a normal human being. But here, I only read trolling and trash takes coming from you. It’s as if you put on your clown makeup whenever you visit gHacks, and remove it when you leave. You only talk halfway normal when discussing things you believe in. But there is a problem, you know: The things you believe in are usually dying garbage. I am just saying it as it is. It’s your prerogative to believe in dying garbage of course, but what I don’t like is that you spread misinformation about other, actually relevant projects, in order to promote said dying garbage. You should stop this nonsense, it will be debunked anyway. Why even try?