[German]Google has released updates to Google Chrome Browser 111 in the stable channel for Mac, Linux and Windows as of March 7, 2023. Mac and Linux now reach version 111.0.5563.64, while for Windows, versions 111.0.5563.64/.65 are ready. These are security updates that fix critical vulnerabilities. The Extended Stable Channel and Android have also been updated.
Google Chrome 111.0.5563.64/65
The relevant entry for Chrome 111 can be found on the Google blog. The stable channel has been updated to version 111.0.5563.64 for macOS and Linux. For Windows, the update updates the browser to version 111.0.5563.64/.65. The bug fix updates close 40 vulnerabilities, including those listed below.
- [$15000][1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
- [$10000][1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
- [$7000][1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
- [$4000][1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
- [$3000][1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
- [$3000][1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
- [$TBD][1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
- [$TBD][1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
- [$10000][1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
- [$7000][1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
- [$5000][1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
- [$5000][1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
- [$5000][1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
- [$3000][1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
- [$3000][1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
- [$3000][1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
- [$2000][1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
- [$2000][1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
- [$TBD][1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
- [$2000][1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
- [$1000][1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
- [$1000][1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
- [$1000][1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
- [$TBD][1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14
As usual, no details are given. Google also states that various fixes have been made based on results from internal audits, fuzzing and other initiatives. Chrome will be rolled out to systems via the automatic update feature in the next few days. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here. (via)
Google Chrome 110.0.5481.192 (Extended Stable)
Google Chrome 110.0.5481.192 for Windows and Mac has been published in the Extended Stable Channel. The relevant entry for Chrome 110 can be found on the Google blog. As usual, no details are given.
Google Chrome 111.0.5563.57/.58 für Android
A Chrome for Android update raises the browser for Android to version 111.0.5563.57/.58.