Google released Chrome 113 security update with 12 security fixes
Google has just released an update for its Chrome web browser that addresses several security issues. Google Chrome 113 Stable and Google Chrome 112 Extended Stable fix 12 different security issues in the web browser.
The new versions of Google Chrome are already available. Most Chrome installations will receive the update automatically, but some may need to be updated manually. Chrome users may want to install the update right away to prevent potential attacks that target one of the patched security issues.
To update Google Chrome manually, select Menu > Help > About Google Chrome from the main menu. Google Chrome displays the installed version, checks for updates and will install any new version of the web browser that it finds automatically. A restart is still required to complete the process.
The About Google Chrome page should list one of the following versions after the update:
- Chrome for Mac or Linux: 113.0.5672.126
- Chrome for Windows: 113.0.5672.126 or 113.0.5672.127
- Chrome Extended for Windows or Mac: 112.0.5615.204
These versions include the latest security patches for the browser.
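For administrators who collect browser versions from many machines, the check against the builds listed above can be scripted. The following is an added example, not code from Google or from this article's author; the function names, the channel and platform labels and the sample inventory are assumptions made for illustration. It compares versions numerically, because a plain string comparison would rank 113.0.5672.93 above 113.0.5672.126.

```python
import re

# Fixed builds as listed in the article; Windows .127 simply compares as newer.
FIXED_BUILDS = {
    ("stable", "mac"): "113.0.5672.126",
    ("stable", "linux"): "113.0.5672.126",
    ("stable", "windows"): "113.0.5672.126",
    ("extended", "windows"): "112.0.5615.204",
    ("extended", "mac"): "112.0.5615.204",
}
VERSION_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so 93 < 126 (as strings, '93' > '126')."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def check_install(channel, platform, version):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get((channel.lower(), platform.lower()))
    if fixed is None:
        return "unknown"  # channel/platform pair not listed in the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable inventory data needs a manual look
    target = parse_version(fixed)
    if installed[0] > target[0]:
        return "unknown"  # newer milestone than the article covers
    return "patched" if installed >= target else "outdated"

def audit(inventory):
    """Map host -> status; rows are (host, channel, platform, version)."""
    return {host: check_install(ch, plat, ver) for host, ch, plat, ver in inventory}

# Constructed sample inventory: hostnames and rows are made up for this example.
SAMPLE_INVENTORY = [
    ("ws-01", "stable", "windows", "113.0.5672.127"),
    ("ws-02", "stable", "windows", "113.0.5672.93"),
    ("mac-01", "extended", "mac", "112.0.5615.204"),
    ("mac-02", "extended", "mac", "112.0.5615.50"),
    ("lin-02", "extended", "linux", "112.0.5615.204"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" either run a channel and platform combination the article does not list, report a newer milestone, or returned a version string that could not be parsed, and should be checked by hand.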
Chrome 113: the security fixes
Google published information about some of the vulnerabilities patched in the new Chrome version on its Chrome Releases blog.
The company publishes information about vulnerabilities reported by third-party researchers only. A total of six different security issues are listed on the page. The remaining six were discovered internally and are not disclosed.
- [$TBD] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10
- [$7000] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14
- [$3000] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21
- [$NA] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14
- [$TBD] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04
- [$1500] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03
One of the externally reported security issues has a severity of critical, the highest possible rating. There are four security issues with a high rating, and one with a medium rating. The critical issue is described as a "use after free in navigation".
Use-after-free vulnerabilities occur when a program continues to use dynamic memory after it has been freed. Exploits may lead to arbitrary code execution, data corruption or crashes. Three additional use-after-free issues were reported to Google by third-party researchers.
Google makes no mention of exploits in the wild that it is aware of. Chrome users may still want to update their browsers as soon as possible, and system administrators may also want to update Chrome installations under their management to prevent future attacks against these issues.
Expect other Chromium-based browsers to release updates to address shared issues in the coming days as well.