Google Chrome 118 update fixes 2 security issues

Google release a point update for Chrome 118 today that addresses two security issues in the web browser. The new version is available already via the browser's integrated updating system and as a separate download from the official Chrome website.

The official release announcements confirm the security update for all desktop versions and the Android version.

Desktop users may select Menu > Help > About Google Chrome to display the current version. Opening the page runs a check for updates; the new security update should get picked up by Chrome at this point and installed.

The latest versions that include the fixes are:

• Chrome for Mac and Linux: 118.0.5993.117
• Chrome for Windows: 118.0.5993.117 or 118.0.5993.118
• Extended Chrome for Mac: 118.0.5993.117
• Extended Chrome for Windows: 118.0.5993.118
• Chrome for Android: 118.0.5993.111

Chrome 118: point update with security fixes

Google lists just one of the two security issues that it addressed in the point update on the official releases blog. It lists only externally reported security issues on the page traditionally.

The listed security issue is CVE-2023-5472, a user after free in Profiles. Its severity rating is high. Google makes no mention of exploits in the wild, but users should still consider updating Chrome as soon as possible.

Use after free security issues allow attackers to access a memory location that has been freed. This may lead to undesirable behavior, such as crashes, remote code execution attacks or privilege escalation.

End of Theora support

Google announced this week that it will deprecate and remove Theora video code support from its Chrome web browser in the future. Google cites emerging security risks and low usage as the two main reasons. According to Google, zero day attacks have spiked against media codecs. Additionally, usage of the codec has "fallow below measurable levels".

Support for off containers remains, however.

The company published the following timeline regarding end of support:

• October 23, 2023 -- 50/50 tests in Canary Dev.
• November 1-6, 2023 -- 50/50 beta experiments.
• December 6, 2023 -- 1% stable experiments.
• January 8, 2024 -- 50% stable experiments.
• January 16, 2024 -- 100% stable.
• February 2024 -- removal of code and chrome://flag in Chrome 123.

Closing Words

Desktop users should upgrade Chrome asap to fix the security issues. Android users can't speed up the installation, but it is in distribution via Google Play already.

Now You: when do you upgrade your browsers?

Advertisement