
Security update for Chrome 120

Summary of the issues resolved and details on the implications of the use-after-free flaws

Google has updated Chrome to version 120, fixing 10 security vulnerabilities. The most serious are related to 'use-after-free' issues, potentially dangerous because they can allow the execution of arbitrary code. In the update, Google awarded rewards totaling $15,000 to researchers for reporting such flaws.


Google recently released Chrome 120 to the stable channel, with fixes for 10 vulnerabilities. Five of these were reported by external researchers, and Google awarded a total of $15,000 in rewards for them, as indicated in Google's official notice.

Details on fixed vulnerabilities

The most critical of the resolved issues is CVE-2023-6508, a high-severity use-after-free flaw in the Media Stream component, for which a $10,000 reward was paid. Next is CVE-2023-6509, in the same severity category, which affects the browser's Side Panel Search component.

The implications of use-after-free flaws

Use-after-free flaws, which occur when pointers to freed memory are not "cleaned up" and are used again, can lead to arbitrary code execution, data corruption, or denial of service. Furthermore, when combined with other vulnerabilities, they can be exploited to completely compromise a system. In the case of Chrome, these vulnerabilities could allow the sandboxing mechanism to be circumvented, but this would require additional security flaws in the underlying operating system or in highly privileged processes.

Google releases and active prevention

The current iteration of Chrome ships in version 120.0.6099.62 for macOS and Linux and in version 120.0.6099.62/.63 for Windows. Google also updated the Chrome Extended Stable channel to version 120.0.6099.62 for macOS and 120.0.6099.63 for Windows. The company has not identified any active attacks exploiting the fixed vulnerabilities. It should be noted that a security update for Chrome was issued last week to address CVE-2023-6345, marking the seventh zero-day flaw identified in the browser in 2023.
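As an added example (not from Google or from the original article), the fixed builds listed above can be turned into a fleet check that flags installations still below them. The inventory format, host names and channel/OS labels are assumptions, and the sample rows are constructed.

```python
import re

# Fixed builds as listed in the article, keyed by (channel, os).
FIXED_BUILDS = {
    ("stable", "macos"): "120.0.6099.62",
    ("stable", "linux"): "120.0.6099.62",
    ("stable", "windows"): "120.0.6099.62",  # shipped as .62/.63
    ("extended", "macos"): "120.0.6099.62",
    ("extended", "windows"): "120.0.6099.63",
}
_VERSION_RE = re.compile(r"\d+\.\d+\.\d+\.\d+", re.ASCII)

def parse_version(text):
    """Turn '120.0.6099.62' into (120, 0, 6099, 62) for numeric comparison."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def status(channel, os_name, installed):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    fixed = FIXED_BUILDS.get((channel.lower(), os_name.lower()))
    if fixed is None:
        return "unknown"  # channel/OS pair not covered by the article
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown"  # unreadable version: treat as not confirmed
    # Tuple comparison avoids the string trap where "…6099.9" > "…6099.62".
    return "patched" if current >= parse_version(fixed) else "outdated"

def audit(inventory):
    """Return (host, installed, status) for hosts not confirmed patched."""
    findings = []
    for host, channel, os_name, installed in inventory:
        result = status(channel, os_name, installed)
        if result != "patched":
            findings.append((host, installed, result))
    return findings

# Constructed sample inventory: (host, channel, os, installed version).
SAMPLE_INVENTORY = [
    ("mac-01", "stable", "macos", "120.0.6099.62"),
    ("lin-07", "stable", "linux", "120.0.6099.9"),
    ("win-12", "extended", "windows", "120.0.6099.62"),
    ("win-15", "stable", "windows", "119.0.6045.199"),
    ("kiosk-3", "stable", "linux", "unknown"),
    ("win-20", "stable", "windows", "121.0.6167.85"),
]

if __name__ == "__main__":
    for host, installed, result in audit(SAMPLE_INVENTORY):
        print(f"{host}: {installed} -> {result}")
```

Hosts whose version cannot be read are reported as "unknown" rather than silently passed, so they are followed up instead of assumed patched.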


12/06/2023 14:43

Marco Verro
