Security update for Chrome 120

Summary of the issues resolved and details on the implications of the use-after-free flaws

Google has updated Chrome to version 120, fixing 10 security vulnerabilities. The most serious are 'use-after-free' issues, which are dangerous because they can allow the execution of arbitrary code. With the update, Google awarded rewards totaling $15,000 to researchers for reporting such flaws.

Google recently released Chrome 120 to the stable channel, with fixes for 10 vulnerabilities. Five of these were reported by external researchers, and Google awarded rewards totaling $15,000 for them, as indicated in Google's official notice.

Details on fixed vulnerabilities

The most critical of the resolved issues is CVE-2023-6508, a high-severity use-after-free flaw (memory that is used after it has been freed) in the Media Stream component, which earned a $10,000 reward. Next is CVE-2023-6509, a vulnerability of the same severity category, which instead affects the browser's Side Panel Search component.

The implications of use-after-free flaws

Use-after-free flaws, which occur when pointers to freed memory are not "cleaned up", can lead to arbitrary code execution, data corruption, or denial of service. Furthermore, when combined with other vulnerabilities, they can be exploited to completely compromise a system. In the case of Chrome, these vulnerabilities could allow the sandboxing mechanism to be circumvented, but this would require additional security flaws at the underlying operating system level or in highly privileged processes.
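The pointer "clean up" described above, seen from the defensive side in an added C example (not Chrome's code, and not taken from Google's notice): callers hold a generation-checked handle instead of a raw pointer, so a reference that outlives its object resolves to NULL even after the allocator hands the same slot to a new object. All names here (`stream_t`, `stream_open`, `stream_get`, `stream_close`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical object standing in for any heap-allocated resource. */
typedef struct { int id; } stream_t;

/* Each slot owns one object plus a generation counter. */
#define SLOTS 4
typedef struct { stream_t *obj; unsigned gen; } slot_t;
typedef struct { unsigned idx, gen; } handle_t;
static slot_t table[SLOTS];

/* Allocate an object in the first empty slot and return a handle to it. */
handle_t stream_open(int id) {
    for (unsigned i = 0; i < SLOTS; i++) {
        if (!table[i].obj) {
            table[i].obj = calloc(1, sizeof(stream_t));
            if (!table[i].obj) break;
            table[i].obj->id = id;
            return (handle_t){ i, table[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };   /* invalid handle: table full or OOM */
}

/* Resolve a handle. Stale or invalid handles yield NULL, never a dangling pointer. */
stream_t *stream_get(handle_t h) {
    if (h.idx >= SLOTS || table[h.idx].gen != h.gen) return NULL;
    return table[h.idx].obj;
}

/* Free the object, clear the owning pointer, and bump the generation
 * so every handle issued earlier stops resolving. */
void stream_close(handle_t h) {
    if (!stream_get(h)) return;      /* stale or double close is a no-op */
    free(table[h.idx].obj);
    table[h.idx].obj = NULL;
    table[h.idx].gen++;
}

int main(void) {
    handle_t a = stream_open(1);
    stream_close(a);
    handle_t b = stream_open(2);     /* reuses the slot that a referred to */
    printf("stale a -> %p, live b -> id %d\n",
           (void *)stream_get(a), stream_get(b)->id);
    stream_close(b);
    return 0;
}
```

With a raw `stream_t *` in place of `handle_t`, the stale reference `a` would alias the new object `b` after the slot is reused, which is the condition the paragraph above describes.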

Google releases and active prevention

The current release of Chrome ships as version 120.0.6099.62 for macOS and Linux and as version 120.0.6099.62/.63 for Windows. Google also updated the Chrome Extended Stable channel to version 120.0.6099.62 for macOS and 120.0.6099.63 for Windows. The company has not identified any active attacks exploiting the fixed vulnerabilities. It should be noted that a security update for Chrome was issued last week to address CVE-2023-6345, the seventh zero-day flaw identified in the browser in 2023.

12/06/2023 14:43

Editorial AI