Google has released the Chrome 114 update, which includes patches for four vulnerabilities, including three high-severity bugs reported by external researchers. Bug bounty rewards totaling $35,000 were awarded to the researchers.
Key Takeaways: Chrome 114 Update Addresses High-Severity Vulnerabilities
- Chrome 114 update fixes four vulnerabilities, three of which were reported by external researchers.
- Bug bounty rewards totaling $35,000 were granted to the reporting researchers.
- The vulnerabilities include a type confusion issue in V8, a use-after-free vulnerability in Media, and a use-after-free flaw in Guest View.
Addressing High-Severity Vulnerabilities in Chrome 114 Update
Google has introduced the Chrome 114 update, which resolves four vulnerabilities, including three high-severity bugs discovered and reported by external researchers. In recognition of their efforts, bug bounty rewards amounting to $35,000 were distributed to the researchers who identified these security issues.
Vulnerability Details and Researchers’ Contributions
The largest payout, $20,000, was awarded to Man Yue Mo from GitHub Security Lab. Mo identified a type confusion issue within Chrome’s V8 JavaScript engine (CVE-2023-3420).
Another researcher, Piotr Bania from Cisco Talos, received a $10,000 bug bounty for finding a use-after-free vulnerability in Media (CVE-2023-3421).
Use-after-free vulnerabilities are memory corruption bugs in which a program continues to use memory after it has been freed. They can potentially result in arbitrary code execution, data corruption, or denial of service.
Bug Details and Impact
The third externally reported bug, identified as a use-after-free flaw in Guest View (CVE-2023-3422), earned a $5,000 reward for the security researcher ‘asnine.’ Google has not reported any active exploitation of these vulnerabilities.
Chrome Update and Version Information
The latest Chrome update, labeled as version 114.0.5735.198 for macOS and Linux, and versions 114.0.5735.198/199 for Windows, is now being rolled out to users. This update incorporates the necessary fixes to address the identified vulnerabilities and enhance browser security.
Cisco Talos’ Disclosure of CVE-2023-1531
Recently, Cisco Talos provided technical details on CVE-2023-1531, a use-after-free vulnerability in the ANGLE library (Chrome’s cross-platform graphics engine).
This particular vulnerability was resolved in the Chrome 111.0.5563.110 release back in March. The flaw is triggered when a user visits a specially crafted web page, potentially leading to data corruption or leakage.
Conclusion: Chrome 114 Update Addresses High-Severity Vulnerabilities
Google’s Chrome 114 update is a significant step towards bolstering the browser’s security. By addressing high-severity vulnerabilities reported by external researchers, Google demonstrates its commitment to maintaining a secure browsing experience.
Users are encouraged to update their Chrome installations to the latest version to benefit from these crucial security enhancements.