[German]Google has released updates to the Google Chrome browser in the stable channel for Mac, Linux and Windows on January 16, 2023. This affects both the standard and the extended stable channel The Android app of the Chrome browser has also been updated. The updates contain security fixes, some of which are already being exploited. Here is an overview of these updates.
Google Chrome (Stable)
The announcement can be found on the Google blog. The stable channel has been updated to version 120.0.6099.234 for macOS and Linux (I wonder if this is a typo and version 120.0.6099.224 is being rolled out). For Windows, the update updates the browser to version 120.0.6099.224. Google claims to have fixed the following vulnerability(ies).
- [$16000][1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
- [$1000][1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
- [$TBD][1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11
All three vulnerabilities listed above are classified as "High", whereby Google writes of four closed vulnerabilities. Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild. The browser should therefore be updated immediately, even if the browser updates itself using the automatic update function. You can also update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.
Google Chrome (Extended Stable)
In the Extended Stable Channel, Google Chrome for macOS has been updated to version 120.0.6099.234 and for Windows to version 120.0.6099.224/225. It contains the same fixes as in the Stable Channel. The update will be rolled out in the coming days.
Chrome for Android 120.0.6099.230
Furthermore, according to this Google post, Google Chrome for Android has been updated to version 120.0.6099.230 and will be distributed via update in the next few days. This version contains stability and performance improvements, as well as the same security fixes as mentioned above for the desktop versions of the browser.
