On April 4, 2023, Google released Chrome 112 to the stable channel for Mac, Linux and Windows. These are security updates that fix critical vulnerabilities. The apps for Android and iOS have also been updated.
Google Chrome 112.0.5615.49/.50
The relevant entry for Chrome 112.0.5615.49/.50 can be found on the Google blog. The stable channel has been updated to version 112.0.5615.49 for macOS and Linux. For Windows, the update brings the browser to version 112.0.5615.49/.50. The bug fix updates address 16 vulnerabilities, including those listed below.
- [$5000][1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08
- [$3000][1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01
- [$5000][1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22
- [$5000][1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10
- [$3000][1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18
- [$2000][1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10
- [$1000][1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08
- [$1000][1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22
- [$NA][1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24
- [$NA][1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12
- [$TBD][1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17
- [$1000][1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07
- [$500][1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진 on 2020-04-01
- [$TBD][1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13
As usual, no details are given. Google also states that various fixes have been made based on results from internal audits, fuzzing and other initiatives. Chrome will be rolled out to systems via the automatic update feature in the next few days. One can (and in this case should) also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here. Thanks to the reader for the tip.
Google Chrome 112.0.5615.47/.48 for Android
The Chrome for Android app has been updated to version 112.0.5615.47/.48.
Google Chrome 112.0.5615.46 for iOS
The Chrome for iOS app has been updated to version 112.0.5615.46.
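
To verify that the rollout has actually reached every system, the builds named in this post can be checked against an asset inventory. The following Python sketch is an added example, not code from Google or from this blog; the host names and the inventory rows are constructed sample data, and the function names are assumptions. It compares versions numerically, because a plain string comparison would wrongly rank 112.0.5615.9 above 112.0.5615.49.

```python
# Fixed builds as named in this post; everything else here is constructed.
FIXED_BUILDS = {
    "windows": "112.0.5615.49",
    "macos": "112.0.5615.49",
    "linux": "112.0.5615.49",
    "android": "112.0.5615.47",
    "ios": "112.0.5615.46",
}


def parse_version(text):
    """Turn '112.0.5615.49' into (112, 0, 5615, 49); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(platform, installed):
    """Return 'patched', 'outdated' or 'unknown' for one inventory entry."""
    fixed = FIXED_BUILDS.get(platform.lower())
    if fixed is None:
        return "unknown"
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown"
    return "patched" if current >= parse_version(fixed) else "outdated"


def outdated_hosts(inventory):
    """Rows that still need the update or a manual look (unknown version)."""
    return [row for row in inventory if assess(row[1], row[2]) != "patched"]


# Constructed sample inventory: (host, platform, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "112.0.5615.50"),
    ("ws-02", "windows", "111.0.5563.147"),
    ("mac-01", "macos", "112.0.5615.49"),
    ("lnx-01", "linux", "112.0.5615.9"),
    ("phone-01", "android", "112.0.5615.47"),
    ("pad-01", "ios", "112.0.5615.45"),
    ("kiosk-01", "windows", "unknown"),
]

if __name__ == "__main__":
    for host, platform, version in outdated_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {platform} {version} -> {assess(platform, version)}")
```

Entries reported as "unknown" are listed together with the outdated ones so that hosts with an unreadable version string are not silently treated as patched.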