Google has released Chrome version 119, which includes patches for 15 vulnerabilities, with 13 of them reported by external researchers. Among these vulnerabilities, three are rated as “high” severity.
The three high-severity flaws are an issue related to Payments, a USB data validation issue, and an integer overflow in USB. Google has paid out $16,000 for the first flaw and $11,000 for the second but has yet to determine the amount for the third issue.
The remaining 10 security defects reported by external researchers comprise eight rated “medium” severity and two rated “low” severity. Half of the medium-severity issues are use-after-free problems affecting various Chrome components. The other half includes incorrect security UI issues and inappropriate implementation flaws in Downloads. The low-severity issues involve an inappropriate implementation in WebApp Provider and an incorrect security UI in ‘Picture In Picture’.
In total, Google has paid out more than $40,000 in bug bounty rewards to the researchers, with the final amount potentially being even higher as the bounties for three of the bugs are yet to be determined.
Google typically restricts access to the bug details “until a majority of users are updated with a fix.” The latest Chrome version 119 is being rolled out to Linux, macOS, and Windows users, while Chrome for Android and iOS have also received updates with the same security fixes. Google has not reported any active exploitation of these vulnerabilities in the wild.