Chrome security update addresses a critical security issue
Google published an update for its Google Chrome web browser earlier today that addresses five security issues in the web browser, one of which is rated critical.
The security update is available already and most Chrome installations should be updated to the new release automatically. Chrome users may select Menu > Help > About Google Chrome, or load chrome://settings/help directly, to display the installed version and run a check for updates. Chrome will download and install any update that it finds during the check.
The version should be the following one after the update, depending on the operating system that is used on the device:
- Chrome for Mac and Linux: 114.0.5735.133
- Chrome for Windows: 114.0.5735.133 or 114.0.5735.134
Google plans to roll out the update to the entire Chrome population "over the coming days/weeks".
Google released updates for Chrome for iOS and Android as well, but these do not address security issues according to the short release notes on the Chrome releases blog.
The vulnerabilities
Google fixed five security issues in the Chrome web browser. The company lists four of them on the official Chrome Releases blog. The fifth was discovered internally and Google does not reveal information about security issues discovered internally.
One of the security issues has a severity rating of critical, the three remaining ones that Google disclosed a severity rating of high. Google makes no mentions of exploits in the wild, but administrators should update the Chrome web browser as soon as possible to protect it from attacks that target these vulnerabilities.
The critical security issue, CVE-2023-3214, is a use after free in "autofill payments" according to Google's description. The remaining vulnerabilities are a use after free in WebRTC and WebXR, and a type confusion in V8.
Other Chromium-based browsers are affected by security issues as well. Expect updates for these browsers in the coming days that address the security issues fixed in Google Chrome.
John G. comment “Thank you very much for showing us the real truth of everything.”
You have nothing to say that would go against the legit research and opinions expressed by the security experts in the links i provided, instead you choose to use “two line sentence sarcasm” in an attempt disparage my comment and undermine the knowledge contained in the links i provided with being a white knight for iron heart. Lol. Really? Why not just say nothing at all?
I do genuinely believe that Iron Heart has not a clue what he is talking about and is very much a google tech/big-tech fan as is the madaidan guy he references a link to in an attempt spread garbage opinions and outdated views on here. I do genuinely believe i make many of his comments look ridiculous because he spreads misinformation.
I will give some examples of how Iron Heart is very lacking in knowledge with some of his comments and how a lot of security experts would never agree with him. He is just a Firefox hater talking garbage i believe, when i say chrome is consistently insecure, that opinion is backed up with a link reporting on how chrome is the most insecure browser of 2022. When i say FOSS offers better security than closed source products, that opinion is shared among many genuine security experts.
Iron Heart comment (1) “– You are still citing Firefox having nominally fewer security issues – due to an evident lack of popularity – as proof that it is secure as in base code security. ”
Iron Heart comment (2)– You still insinuate that the code being public makes a product more secure. News flash, only better code quality(!) does, it being public adds absolutely nothing here. The developer teams at Microsoft or Apple are not small at all. Linux can be used for better transparency / accountability but to claim it is more secure because the code is public is a non-sequitur. This NEVER directly follows from something being open source.
https://www.ghacks.net/2023/06/10/time-to-update-firefox-114-0-1-fixes-a-startup-crash/
(1) The guy that uses the term “non-sequitur” a lot is clearly wrong here. Chrome gets a lot more security issues than Firefox, that is a fact, and by a lot, it really is a LOT MORE security issues, hundreds more issues in 2022. This likely can not simply be blamed on Chrome just being popular, something else is probably going on there and google are just not as good programmers as people think they are. They are consistently failing with making chrome secure.
Second point is that Iron Heart is very disingenious in saying Firefox having less security issues (notice how he says nominally fewer security issues, as if to downplay the issues there, he is a dedicated google fan i believe lol) than Chrome is just simply down to popularity alone and than that Firefox is not secure as in base code security. This stupidity from Iron Heart also feeds into (2) of which i will talk about below.
(2) Firefox is FOSS, it is always under the watchful eye as regards security improvements by a massive FOSS community and Mozilla. It is a trusted and pretty secure browser that gets less issues than Chrome.
Iron Heart says that FOSS code being public offers no security advantage, only better code quality offers an advantage LMAO. How can people from the FOSS community and many security experts know what is or what is not better code quality? know what is or what is not secure? know what is or what is not privacy respecting? if the code is closed source? This is how Iron Heart is completely clueless on this subject.
Again, any real security expert would not agree with him, see here.
Igor Bidenko, CISO of Simplex Solutions. “Linux is the most secure OS, as its source is open. Anyone can review it and make sure there are no bugs or back doors.”
Linux code is reviewed by the tech community, which lends itself to security: By having that much oversight, there are fewer vulnerabilities, bugs and threats.”
Microsoft may tout its large team of paid developers, but it’s unlikely that team can compare with a global base of Linux user-developers around the globe. Security can only benefit through all those extra eyeballs.”
https://www.computerworld.com/article/3252823/why-linux-is-better-than-windows-or-macos-for-security
The same logic applies to Firefox, security can only benefit through all those EXTRA eyeballs. Privacy respecting software can only be really seen to be something privacy respecting if it is FOSS, because only then can people see the code and whether it really is privacy respecting, more eyes on the code also means better potential for less bugs, security issues.
This is why Firefox is more respected in the Linux community, it is because it is trusted. The code is trusted. Chrome is closed source, if Chrome was FOSS, there likely would be even more vulnerabilities found. I don’t think any linux distro installs a chromium browser by default, maybe 1 or 2, but certainly not many.
Again back to Iron Heart comment on how he really does not know what he is talking about as regards FOSS, Firefox and Linux.
Iron Heart comment “but to claim it is more secure because the code is public is a non-sequitur. This NEVER directly follows from something being open source.”
The guy is completely clueless on this topic i believe.
“Other Chromium-based browsers are affected by security issues as well. ”
As some among us already know, Google failings in securing their closed source browser also affects other browsers using chromium codebase, because “you can put lipstick on a pig but chromium is still primarily google engineered code developed primarily for a market dominant closed source monopoly environment = CHROME and even EDGE” and it is a bit naive for chromium codebase browser makers to think they are not under the same path that google leads them down, which is *DRUM ROLL PLEASE* Serious and consistent security failings as companies (google) who primarily develop for closed source software are just terrible programmers, with no real invention and true respect for the advantages of privacy and FOSS which comes under the scrutiny of a massive FOSS community with eyes on the code! Chromium codebase provides the vast majority of code for the Google Chrome browser, which is proprietary software. Using that codebase comes with loads of security issues, lack of privacy features, even though chromium is FOSS, it is just googles garbage. Putting lipstick on a pig, does not change the fact it is a pig. The chromium codebase is an over bloated pig.
Google Chrome is reportedly riddled with security issues
Google Chrome is littered with potential security issues that could be putting millions of users at risk, a report has said.
New research from Atlas VPN citing data provided by the VulDB vulnerability database claims Google’s famed browser has so far had 303 discovered vulnerabilities, and is an “all-time leader with a total of 3,159 cumulative vulnerabilities.”
https://www.techradar.com/news/google-chrome-is-reportedly-riddled-with-security-issues
Firefox and the forks of it are the only true and secure alternative to bug-ridden consistently insecure chromium codebase, which powers closed source garbage like Chrome and Edge primarily, lesser market share chromium based browsers like Brave are in the big tech circus, but pretending they are outside it, if they were really outside it they would not be using chromium, neither would vivaldi, they are just not real alternatives as they just inflate the chromium monopoly.
Pale Moon at least can be considered an alternative, as that at least has its own engine Goanna, however it is indeed inferior to Firefox and true forks of Firefox as Pale Moon does not have any of the Rust language components that were added to Gecko during Mozilla’s Quantum/servo project which enhances Firefox security and puts it in a right direction. Applications that use Goanna always run in single-process mode, whereas Firefox became a multi-process application and is just a more modern browser.
This is what people who constantly start whining about Firefox taking away some addons and themes do not understand, Firefox had to update Gecko to make it more secure and modern with Rust and Quantum/Servo so the new Quantum CSS engine could run better on modern multi core CPU’s and maintain decent speed. This is one of the reasons why XUL add-ons had to be eventually phased out, they were creating performance problems in the new code, Mozilla just found it probably more convenient to adhere to WebExtensions API FULLY so users could have access to more extensions, because most browser extensions are more popular on Chrome. Pale Moon is a painfully outdated and a slower less secure browser in comparison to Firefox, it is a sad truth that XUL add ons are just outdated, but people like to whine and live in the past.
@Andy Prough
People who just want convenience do exist. Fortunately though, to protect such people, Firefox does not save the CVV number of the card. At least the people who want convenience do have some type of protection by default.
Note that Firefox will never save the three- or four-digit card security code (often called a “CVV number” or “CSV number”) found on the front or back of your credit card.
https://www.howtogeek.com/728368/how-to-view-your-saved-credit-card-numbers-in-firefox/
That being said, still not a good idea to trust a web browser with such sensitive details, but some people just want convenience over security, must be the reason why the masses choose an inferior browser such as chrome, convenience over privacy and security or just the fact that google chrome and edge (closed source crap) are installed by default on google and microsoft operating systems (closed source crap). People are just too lazy to look for better software such as Firefox or better operating systems such as a good linux distro (open source) which mainly have as their default browser *DRUM ROLL PLEASE* Firefox, yes you guessed it, Firefox (open source) is the GO-TO for linux community.
Have fun Iron Heart making excuses for google shoddy security and letting us all know that the more popular a browser is the better it is and more cutting edge technology it has and firefox is dying because it has a lower market share than closed source crap chrome, edge and safari.
Which is funny, because Brave has a lower market share than Chrome, Edge, safari and Firefox, but you consider Firefox irrelevant even though it is the main FOSS browser, when you say Firefox is irrelevant, that is a a statement that also says the linux community is irrelevant because linux distros almost always use Firefox by default. You are full of contradictions, ignorance and stupidity as you base the merits and quality of a browser on popularity alone, which according to your own logic would mean Brave should be irrelevant? lol. Only ignorant people would base the quality of software on its popularity.
Also Iron Heart, before you say i type nonsense again or try to make yourself look ridiculous again with your ignorant replies, go listen to some real security experts about the advantages of FOSS and Linux distros, real researchers who put a name to their opinion and do not use a pseudonym like madaidan talking garbage.
Why Linux is better than Windows or macOS for security
Of course, an important differentiator is that Linux is open source. The fact that coders can read and comment upon each other’s work might seem like a security nightmare, but it actually turns out to be an important reason why Linux is so secure, says Igor Bidenko, CISO of Simplex Solutions. “Linux is the most secure OS, as its source is open. Anyone can review it and make sure there are no bugs or back doors.”
Linux code is reviewed by the tech community, which lends itself to security: By having that much oversight, there are fewer vulnerabilities, bugs and threats.”
Microsoft may tout its large team of paid developers, but it’s unlikely that team can compare with a global base of Linux user-developers around the globe. Security can only benefit through all those extra eyeballs.”
there is clear consensus that Linux is the safest choice for the desktop
https://www.computerworld.com/article/3252823/why-linux-is-better-than-windows-or-macos-for-security
You hear that Iron Heart?
“Anyone can review it and make sure there are no bugs or back doors.”
That is the true advantage of FOSS and why Linux distros are more secure and can easily be made to be more secure than the competition.
This applies to Firefox aswell, but you Iron Heart try to fool others into thinking Firefox is not secure. Firefox can be made very secure with a few extensions and JS switched off. Firefox is under constant review by a large FOSS community, do you really think linux distro programmers are stupid or something for putting Firefox as default in their distros? You Iron Heart have not the slightest clue what you are talking about, and would rather support closed source garbage like chrome over FOSS like Firefox, if it gives you a chance to hate on Firefox. You also do not speak for all Firefox users by saying they don’t do this, they don’t do that etc, about : config hardening guides are way more popular than you think lol.
The first comment you made here was about Firefox as if to hate on it, anyone says something about chrome, you say something bad about firefox lol. You are a google fan, for that i am pretty sure.
Firefox users make you look not as smart ok i get it, but that should not be a reason to hate on Firefox for that fact alone, you are more into ad-hominems than a good and honest critique of Firefox. Your knowledge on the subject is clearly lacking and you are even disingenuous sometimes when speaking about Firefox saying it has no rust.
I make you look ridiculous in these discussions as you have no idea what you are even talking about.
“Popularity Heart” > “I make you look ridiculous in these discussions as you have no idea what you are even talking about.”
We are glad to know that you enjoy with our despicable comments.
Thank you very much for showing us the real truth of everything.
Credit card in autofill payments is just the perfect recipe for the disaster.
>”The critical security issue, CVE-2023-3214, is a use after free in “autofill payments” according to Google’s description.”
I’ve never understood how anyone could trust a web browser to keep copies of their credit card and bank account info and supply it auto-magically to random websites for payment. Just seems like a recipe for disaster.
Credit card in autofill payments is just the perfect recipe for the disaster.
@Andy Prough
Firefox does that too by default.
>”Firefox does that too by default.”
You are right. Browsers shouldn’t even be trying to save the info. And I think Chrome and Firefox try to auto-save and form-fill your address info as well. You mis-click on one of those form-fill context menus, and you’ve just given someone everything they need to empty your account.