Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild.
Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities.
Four of the addressed flaws were reported by external researchers that were awarded for more than $26,500 for their findings. Below are the flaws reported by the researchers:
- [$16000] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
- [$3000] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
- [$7500] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
- [$TBD] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
The good news is that Google is not aware of attacks in the wild exploiting one of these vulnerabilities.
|[adrotate banner=”9″]||[adrotate banner=”12″]|
The post Google Chrome 109 update addresses six security vulnerabilities appeared first on Security Affairs.