Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild.
Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities.
Four of the addressed flaws were reported by external researchers that were awarded for more than $26,500 for their findings. Below are the flaws reported by the researchers:
- [$16000][1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [$3000][1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [$7500][1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [$TBD][1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
The good news is that Google is not aware of attacks in the wild exploiting one of these vulnerabilities.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Chrome)
[adrotate banner=”5″]
[adrotate banner=”13″]
The post Google Chrome 109 update addresses six security vulnerabilities appeared first on Security Affairs.
