Chrome 120 Patches 10 Vulnerabilities

Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities.
Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to Google's advisory.
Based on the reward handed out, the most serious of the flaws is CVE-2023-6508, a high-severity use-after-free issue in Media Stream.
Next in line is CVE-2023-6509, a high-severity use-after-free defect that impacts Chrome's Side Panel Search component.
The latest browser release also resolves a medium-severity use-after-free vulnerability in Media Capture, and two low-severity inappropriate implementation flaws, in Autofill and Web Browser UI. A type of memory corruption bugs that occur when the pointer is not cleared after freeing memory allocation, use-after-free issues could lead to the execution of arbitrary code, to data corruption, or denial-of-service.
When combined with other vulnerabilities, use-after-free defects may be exploited to fully compromise a system.
In Chrome, use-after-free flaws could be exploited to escape the sandbox.
For that the exploitation of a security defect in the underlying operating system or in a privileged process is required.
Google has long fought memory corruption bugs and last year announced improved protections against the exploitation of use-after-free vulnerabilities in Chrome.
The latest Chrome iteration is now rolling out as version 120.0.6099.62 for macOS and Linux and as versions 120.0.6099.62/.63 for Windows.
Google also announced that it has updated the Chrome Extended Stable channel to version 120.0.6099.62 for macOS and to version 120.0.6099.63 for Windows.
The internet giant makes no mention of any of the addressed vulnerabilities being exploited in malicious attacks.
Last week, Google pushed a Chrome security update to address CVE-2023-6345, the seventh zero-day flaw documented in the browser in 2023.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000


Cyber News related to Chrome 120 Patches 10 Vulnerabilities

Chrome 120 Patches 10 Vulnerabilities - Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities. Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to ...
11 months ago Securityweek.com
Google Chrome 120 Released with Patch for 10 Critical Security Flaws - Google has recently released Chrome 120 for Windows, Mac, and Linux. This version of Chrome comes with 10 security patches to ensure a safer browsing experience for its users. The most recent versions of Chrome available to users are 120.0.6099.62 ...
11 months ago Cybersecuritynews.com
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
10 months ago Securityweek.com
Google Rushes to Patch Eighth Chrome Zero-Day This Year - Google on Wednesday announced emergency patches for a Chrome vulnerability that is under active exploitation. The issue, tracked as CVE-2023-7024, is described as a high-severity heap buffer overflow bug in Chrome's WebRTC component. Supported by ...
10 months ago Securityweek.com
Google Rushes to Patch Eighth Chrome Zero-Day This Year - Google on Wednesday announced emergency patches for a Chrome vulnerability that is under active exploitation. The issue, tracked as CVE-2023-7024, is described as a high-severity heap buffer overflow bug in Chrome's WebRTC component. Supported by ...
10 months ago Packetstormsecurity.com
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
4 months ago Security.googleblog.com
Google Chrome Use After Free Flaw Let Attacker Hijack Browser - The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users. The Extended Stable channel has been updated to ...
10 months ago Gbhackers.com
New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
1 year ago Thehackernews.com
GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed - Security Boulevard - In addition to these patches, OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0. It’s worth mentioning that the issue only impacts self-managed instances; therefore, users of GitLab Dedicated instances do not need to take any ...
1 month ago Securityboulevard.com
Chrome 120 Update Patches High-Severity Vulnerabilities - Google on Tuesday announced the release of a Chrome 120 security update that addresses nine vulnerabilities, six of which were reported by external researchers. Of the externally reported flaws, five have a severity rating of 'high', four of which ...
10 months ago Securityweek.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
9 months ago Darkreading.com
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
5 months ago Bleepingcomputer.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
11 months ago Darkreading.com
Ivanti discloses new zero-day flaw, releases delayed patches - Ivanti Wednesday released patches for two critical zero-day vulnerabilities that were disclosed earlier this month, but also warned customers of two new flaws, including a new zero-day that's under exploitation in the wild. In a security advisory on ...
9 months ago Techtarget.com
Creating a formula for effective vulnerability prioritization - In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset ...
10 months ago Helpnetsecurity.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
6 months ago Techtarget.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
11 months ago Securityweek.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
11 months ago Packetstormsecurity.com
How to Keep Your Data Secure: Leaks, Breaches, Patches and Tweaks - In today’s world, data security is more important than ever. With the rise of cybercrime, data breaches, and security threats, it’s essential to stay vigilant when it comes to protecting your data. In this article, we discuss the latest news on ...
1 year ago Nakedsecurity.sophos.com
Weekly VulnRecap - The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. Most news derived from the active attacks on multiple older ...
10 months ago Esecurityplanet.com
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 - On Jan. 10, 2024, Ivanti disclosed two new vulnerabilities in their Ivanti Connect Secure and Ivanti Policy Secure gateways: CVE-2023-46805 and CVE-2024-21887. The first CVE is a High severity authentication bypass vulnerability, and the second CVE ...
9 months ago Unit42.paloaltonetworks.com
CISA warns of actively exploited bugs in Chrome and Excel parsing library - The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information ...
10 months ago Bleepingcomputer.com
How To Secure Your ManageEngine Software from Known Exploited Vulnerabilities Catalog - Software providers and IT systems administrators are always looking for ways to keep their networks safe. The ever-evolving threat landscape and increasing sophistication of malicious hackers make security a key concern. Among the many technologies ...
1 year ago Securityaffairs.com
VMWare Patches Two Critical Vulnerabilities - How to Stay Secure - VMWare, one of the leading providers in virtualization solutions, recently released patches for two critical vulnerabilities. The vulnerabilities, identified as CVE-2023-10000 and CVE-2023-20001, have been determined to have severe security ...
1 year ago Thehackernews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)