ClickCease Chrome 116 Update Fixes 4 High-Severity Vulnerabilities

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Chrome 116 Update Fixes 4 High-Severity Vulnerabilities

Rohan Timalsina

September 22, 2023 - TuxCare expert team

Recently, Google released a Chrome 116 update, which includes the security fixes for four high-severity vulnerabilities discovered by external researchers.

This blog post will discuss all the patches with their types and potential risks to the system.

 

High-Severity Vulnerabilities Fixed in Chrome 116

CVE-2023-4761

An out-of-bounds memory access flaw was discovered in the FedCM API. This could enable a remote attacker, who had successfully compromised the renderer process, to conduct an out-of-bounds memory read through a crafted HTML page.

 

What is an out-of-bounds memory vulnerability?

An out-of-bounds memory access vulnerability occurs when a program tries to read from or write to a memory location that is outside the bounds of the memory allotted for a particular data structure, like an array or a buffer. This may have a number of unwanted and potentially detrimental effects, such as data corruption, software crashes, or, in the worst circumstances, security flaws that attackers might exploit.

 

CVE-2023-4762

Another fix in the Chrome 116 update is a type confusion vulnerability discovered in the V8 JavaScript engine. As a result, a remote attacker could execute arbitrary code through a crafted HTML page.

 

What is a type confusion vulnerability?

When a program or script misinterprets or improperly handles the data types of objects or variables, it creates a type confusion vulnerability. It may result in unexpected behavior, security holes, and potentially exploitable weaknesses in the software.

 

CVE-2023-4763

A use-after-free flaw was found in Networks, which could create the potential for a remote attacker to exploit heap corruption through a specially crafted HTML page.

 

What is a use-after-free vulnerability?

When a program or application tries to access or utilize a memory address in a computer’s memory (RAM) after that memory has been released or deallocated, it is known as a use-after-free vulnerability. To put it another way, it’s an effort to “use” memory that has already been designated as “free” or “released.” Use-after-free flaws have the potential to weaken security seriously and can be used by attackers to take over a system or application.

 

CVE-2023-4764

The last vulnerability addressed in this Chrome 116 update is an incorrect security UI flaw in BFCache, which could allow an attacker to spoof the contents of the Omnibox (URL bar) through a crafted HTML page.

Google is currently in the process of determining the bug bounty rewards that will be granted to the researchers who reported these findings.

 

Final Words

The Stable and Extended Stable channels have been updated to version 116.0.5845.179 for Linux. As Google has marked them as high in terms of severity, it is essential to update Chrome to this new version as soon as possible to protect your system. These updates will roll out gradually over the upcoming days and weeks.

 

The sources for this article include a story from SecurityWeek.

Summary
Chrome 116 Update Fixes 4 High-Severity Vulnerabilities
Article Name
Chrome 116 Update Fixes 4 High-Severity Vulnerabilities
Description
Chrome 116 update addresses four high-severity vulnerabilities, including out-of-bounds memory access and type confusion flaws.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter