Google pushes yet another security update to its Chrome browser
Just when Chrome desktop users thought they could take a breather, it's time for yet another update -- this one with a host of security fixes. Chrome version 120 is now officially available for Windows, Mac, and Linux, and you'll want to install this one if only to get all 10 bug fixes with two of them ranked highly critical.
Announcing the new Chrome update in a blog post on Tuesday, Google said that Chrome version 120.0.6099.62 for Linux and Mac and version 120.0.6099.62.63 for Windows include several fixes and improvements. Out of the 10 security patches contained in the update, the company described and rated the following five, all of which were reported by external security researchers.
- [1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31.
- [1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21.
- [1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08.
- [1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04.
- [1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24.
Among the two ranked high, the one labeled "Use after free in MediaStream" could allow a remote attacker to exploit corruption in memory by using a specially crafted HTML page, a bug that has plagued Chrome in the past. The one labeled "Use after free in Side Panel Search" could allow an attacker to trick the user by exploiting memory corruption through specific types of interactions.
A Google spokesperson provided further details on these two security patches.
"These are both fixes for use-after-free bugs, a common type of memory safety issue which occurs when a program attempts to use memory that has been deallocated, or freed, already by another part of the program because it was no longer needed by that part of the program," the spokesperson told ZDNET.
With all its bug fixes in tow, version 120 will automatically roll out over the coming days and weeks, according to Google. But instead of waiting, you'll want to update the browser sooner than later.
To perform the update, open Chrome, click the three-dot icon at the top, hover your mouse pointer over Help, and then select About Google Chrome. The update will automatically download and install. Relaunch the browser and go back to the About Google Chrome page. You should now see Chrome listed as up-to-date with the version at 120.