Google has updated the Stable channel for Chrome to version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows. The newest version of the browser includes fixes for six vulnerabilities. Four of the flaws were submitted by external researchers. These include use-after-free vulnerabilities in WebTransport, WebRTC, and GuestView, and a type confusion vulnerability in the ServiceWorker API.
- Practitioner’s note: Remember that Chrome patches are applied automatically when it starts. So for those of you who never close your browser, this is your reminder to do so regularly. (-:
- The update addresses two critical use-after-free flaws; the most severe, CVE-2023-0471, has a CVSS score of 8.8. Currently there is no evidence of active exploitation. Good news is, after 2022, we’re all good at deploying Chrome updates. Bad news is, browsers will continue to have flaws, and your users will continue to demand using them as if they don’t.