Google addresses five security issues in Chrome 116 point update
Google published a point update for Chrome 116 today that addresses five security issues in the desktop versions and the Android version of the web browser. The update is available already, but it may take several days or even weeks before most devices that Chrome is installed on are updated.
Chrome users who run the browser on the desktop systems Windows, Linux or macOS may run a manual check for updates to install the security update immediately. This is done by either selecting Help > Menu > About Google Chrome, or by loading chrome://settings/help directly. The page that opens displays the installed version and Chrome runs a check for updates whenever the page is opened. It should find the Chrome 116 point update and install it. A restart is required to complete the process.
Chrome users who open the About Chrome Page after installation of the latest update should see the following version listed on the page:
- Chrome for macOS and Linux: 116.0.5845.110
- Chrome for Windows: 116.0.5845.110 or 116.0.5845.111
- Chrome for Android: 116.0.5845.114
Chrome 116 security update
Google lists five fixed security issues on the Chrome Releases blog. Four of the vulnerabilities have a severity rating of high, one a severity rating of medium. The fixes address two use after free vulnerabilities in Vulkan and Loader, and three out of bounds memory access vulnerabilities in CSS, V8 and Fonts.
Google does not mention exploits in the wild, but this could change in the coming days. Other Chromium-based web browsers are also affected by the security issue and should receive updates in the coming days or weeks to address these.
- [$10000][1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
- [$3000][1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
- [$2000][1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
- [$NA][1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
- [$NA][1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01
Chrome for Android is affected by the same vulnerabilities as the desktop versions. Android users can't force the installation of the update, as this is handled via Google Play exclusively on Android.
Google released the main Chrome 116 update on last week. The release addressed a total of 26 different security issues and also added more Telemetry to the browser. The company announced plans to switch to a weekly security update schedule to push security updates quickly to devices.
Now You: do you run Google Chrome? When do you update the browser?
Those who question Google will be censored!
Imagine making a browser that needs weekly updates to stay secure. That’s why I keep using Firefox.
Never talk about Firefox or criticize Google or Brave. That will trigger him and get him to cope hard.
> Firefox
> secure
Choose one, can’t have both.
_https://madaidans-insecurities.github.io/firefox-chromium.html_
Irrelevance to attackers is not the same as security of the base code.
> madaidan
> true
Choose one, can’t have both.
https://www.zdnet.com/article/germanys-cyber-security-agency-recommends-firefox-as-most-secure-browser/
personal blog is not the same as professional security researchers.
madaidan
> True
> Fit your anti-Firefox agenda
Choose one, can’t have both.
That’s just playing with semantics. When you use Firefox you’re targeted less and that’s what matters at the end of the day. Even if on a technical level there are holes, de facto there are less people going through them so it makes for a more secure experience overall.
Weekly updates are the best idea by Google. I hope MS will do the same too.
Browsers are such a critical attack vector on a PC that I am glad Google has decided to increase their update cycle to address the security weaknesses.