Google has released a new update for its Chrome browser that closes multiple security holes. According to the company, the update includes twelve security gap corrections, with at least one vulnerability classified as critical. Only six of the vulnerabilities were reported by external IT security researchers.
One of the critical vulnerabilities fixed in the update is of the use-after-free type which allows attackers to inject and execute malicious code in the navigation component. Three other high-risk vulnerabilities are also use-after-free vulnerabilities in the Autofill-UI, DevTools, and Guest-View components. A type confusion error can happen in the JavaScript engine V8, which allows attackers to access unintended memory areas.
The update fixes Chrome versions 113.0.5672.121 for iOS, 113.0.5672.126 for Linux and Mac, and 113.0.5672.126/.127 for Windows. Users can check if their browser is updated by clicking on the symbol with three stacked dots on the right side of the address bar and on “Help – “About Google Chrome.” Under Linux, the distribution’s own software management typically delivers the updates.
Since the vulnerabilities affect the underlying Chromium project, web browsers based on it, such as Microsoft Edge, should also update soon. Google last updated the Chrome web browser two weeks ago, closing 15 vulnerabilities in the process. The update to version branch 113 brought support for WebGPU, and Chrome was the first browser to implement support for it.
