Google has released its latest Chrome 115 update, which addresses vulnerabilities in the popular web browser. In total, the update fixes 17 vulnerabilities, 11 of which were reported by external researchers.
The update also addresses six other high-severity vulnerabilities. The most severe of these is CVE-2023-4071, a heap buffer overflow bug in Visuals.
It is followed by an out-of-bounds read and write issue in WebGL (CVE-2023-4072) and an out-of-bounds memory access flaw in the ANGLE graphics engine abstraction layer (CVE-2023-4073). The remaining three high-severity defects were externally reported and are use-after-free vulnerabilities in Blink Task Scheduling, Cast, and WebRTC.
In addition to these high-severity fixes, the Chrome 115 update addresses two medium-severity bugs in Extensions: insufficient data validation and an inappropriate implementation issue.
Google distributed a total of $123,000 in bug bounty rewards to the reporting researchers. The updated version of Chrome, numbered 115.0.5790.170, has begun rolling out to Mac and Linux users, with versions 115.0.5790.170/.171 rolling out to Windows users. Google has stated that there is no indication of any of these vulnerabilities being exploited in attacks.