Chrome 114 Update Addresses High-Severity Vulnerabilities

236 views 1 minutes read

Google has released the Chrome 114 update, which includes patches for four vulnerabilities, including three high-severity bugs reported by external researchers. Bug bounty rewards totaling $35,000 were awarded to the researchers.

Key Takeaways Chrome 114 Update Addresses High-Severity Vulnerabilities:

  • Chrome 114 update fixes four vulnerabilities, three of which were reported by external researchers.
  • Bug bounty rewards totaling $35,000 were granted to the reporting researchers.
  • The vulnerabilities include a type confusion issue, a use-after-free vulnerability, and a use-after-free flaw in Guest View.

Addressing High-Severity Vulnerabilities in Chrome 114 Update

Google has introduced the Chrome 114 update, which resolves four vulnerabilities, including three high-severity bugs discovered and reported by external researchers. In recognition of their efforts, bug bounty rewards amounting to $35,000 were distributed to the researchers who identified these security issues.

Vulnerability Details and Researchers’ Contributions

The most significant payout of $20,000 was awarded to Man Yue Mo from GitHub Security Lab. Mo identified a type of confusion issue within Chrome’s V8 JavaScript rendering engine (CVE-2023-3420).

Another researcher, Piotr Bania from Cisco Talos, received a $10,000 bug bounty for finding a use-after-free vulnerability in Media (CVE-2023-3421).

Use-after-free vulnerabilities, known for memory corruption issues, can potentially result in arbitrary code execution, data corruption, or denial of service.

Bug Details and Impact

The third externally reported bug, identified as a use-after-free flaw in Guest View (CVE-2023-3422), earned a $5,000 reward for the security researcher ‘asnine.’ Google has not reported any active exploitation of these vulnerabilities.

Chrome Update and Version Information

The latest Chrome update, labeled as version 114.0.5735.198 for macOS and Linux, and versions 114.0.5735.198/199 for Windows, is now being rolled out to users. This update incorporates the necessary fixes to address the identified vulnerabilities and enhance browser security.

Cisco Talos’ Disclosure of CVE-2023-1531

Recently, Cisco Talos provided technical details on CVE-2023-1531, a use-after-free vulnerability in the ANGLE library (Chrome’s cross-platform graphics engine).

This particular vulnerability was resolved in the Chrome 111.0.5563.110 release back in March. The flaw is triggered when a user visits a specially crafted web page, potentially leading to data corruption or leakage.

Conclusion to Chrome 114 Update Addresses High-Severity Vulnerabilities

Google’s Chrome 114 update is a significant step towards bolstering the browser’s security. By addressing high-severity vulnerabilities reported by external researchers, Google demonstrates its commitment to maintaining a secure browsing experience.

Users are encouraged to update their Chrome installations to the latest version to benefit from these crucial security enhancements.

Leave a Comment

About Us

CyberSecurityCue provides valuable insights, guidance, and updates to individuals, professionals, and businesses interested in the ever-evolving field of cybersecurity. Let us be your trusted source for all cybersecurity-related information.

Editors' Picks

Trending News

©2010 – 2023 – All Right Reserved | Designed & Powered by HostAdvocate

CyberSecurityCue (Cyber Security Cue) Logo
Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list for the latest news and updates.

You have Successfully Subscribed!

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More