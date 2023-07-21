



Google updated its Chrome web browser again this week. This update includes over 20 security fixes across Windows, Mac and Linux versions.

Eleven of these security issues are confirmed vulnerabilities that have been assigned Common Vulnerabilities and Exposures (CVE) numbers and associated severity ratings. We encourage all Chromium-powered browser users to make sure they are updated as soon as possible. Four vulnerabilities have a high severity rating and six have a moderate severity rating.

What are the four top-rated new Chrome security vulnerabilities?

Here are the four Chrome security vulnerabilities that have been assigned high severity ratings. A total of $16,000 in bounties was awarded to the hackers who reported them to Google.

CVE-2023-3727 is a vulnerability in Web Real-Time Communications (WebRTC), the component that allows text, video, and voice communications between devices and browsers. Cassidy Kim was awarded a $7,000 reward for reporting this issue.

CVE-2023-3728 is another WebRTC vulnerability, and Zhenghang Xiao was rewarded with $7,000 for reporting it to Google.

CVE-2023-3730 is a vulnerability in the Tab Groups functionality. GinggilBesel was awarded a $2,000 reward for reporting it.

CVE-2023-3732 did not earn a bounty because it was reported by Mark Brand, a member of Google’s Project Zero team tasked with tracking zero-day vulnerabilities. This is not a zero day, but a memory access issue in the Chrome interprocess communication system known as Mojo.

Google has not yet released detailed technical information about these vulnerabilities in order to allow as many users as possible to update Chrome before the details are made public.


What are the six new medium-rated Chrome security vulnerabilities?

Six Chrome security vulnerabilities were assigned a medium severity rating, and the hackers who reported them to Google were also rewarded with a total bounty of $16,000.

CVE-2023-3733 is an improper implementation vulnerability in the Chrome WebApp Install functionality. Ahmed ElMasry was awarded a $5,000 bounty for reporting it to Google.

CVE-2023-3734 is another improper implementation vulnerability, this time in the floating video picture-in-picture feature. A separate $5,000 bounty was awarded for this one, to Thomas Orlita.

CVE-2023-3735 is, as you might guess, an improper implementation vulnerability. This time, it affects permission prompts for web application programming interfaces (APIs). Ahmed ElMasry, who also discovered it, was awarded an additional $2,000 reward.

The remaining three moderate vulnerabilities are also improper implementation issues.

CVE-2023-3736 affects custom tab functionality and was reported by Philipp Beer, who won a $2,000 bounty.

CVE-2023-3737 affects notification functionality. This was reported by Narendra Bhati, who was also awarded a $2,000 bounty.

CVE-2023-3738 affects autofill functionality and earned Hafiizh $1,000.

How to make sure your Chromium-powered browser is protected

You can expect browsers to download security updates automatically, but that alone isn’t enough to reliably protect against exploitation of patched vulnerabilities. Why? Because most Chromium-powered browsers require an application restart for the update to take effect. This is fine for users who dutifully close their browsers after each browsing session. For power users and lazy users who keep multiple tabs open and rarely restart the application, it is not.

With that in mind, all Google Chrome users should visit the Help | About Google Chrome option. This will automatically start downloading any available updates. Once this is done, hit the restart button. The July 18th security update brings the Chrome browser to version 115.0.5790.98 on Mac and Linux and 115.0.5790.98/99 on Windows. However, there was also a bug fix update on July 20th that brought Chrome to 115.0.5790.102 across all three operating system platforms.

Other browsers that use the Chromium engine will also be updated. These have already appeared or may appear in the next few days. Check your Brave, Edge, Opera, or Vivaldi browser to make sure the update is installed and activated.
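The update-then-restart check described above can be scripted across several machines. The following is an added example, not part of the original article: it compares each machine's installed and running Google Chrome build against 115.0.5790.98, the lowest build the article names for the July 18 update. The host names, the 114.0.0.0 builds and the inventory layout (one installed and one running version per host) are assumptions made for illustration.

```python
import re

# Lowest Google Chrome build carrying the July 18 fixes, per the article.
# Other Chromium browsers (Brave, Edge, Opera, Vivaldi) number builds differently.
MIN_PATCHED = (115, 0, 5790, 98)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part build from text such as 'Google Chrome 115.0.5790.102'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome-style version in {text!r}")
    # Compare as integers: as strings, "102" would sort before "98".
    return tuple(int(part) for part in m.groups())


def assess(installed, running):
    """Classify a machine from its on-disk build and the build of the open browser."""
    if parse_version(installed) < MIN_PATCHED:
        return "update-needed"
    if parse_version(running) < MIN_PATCHED:
        # The update was downloaded, but the old code is still executing.
        return "restart-needed"
    return "protected"


# Constructed inventory (hypothetical hosts and pre-update builds):
# (host, installed build as reported on disk, build of the running process)
INVENTORY = [
    ("ws-01", "Google Chrome 115.0.5790.102", "115.0.5790.102"),
    ("ws-02", "Google Chrome 115.0.5790.98", "114.0.0.0"),
    ("ws-03", "Google Chrome 114.0.0.0", "114.0.0.0"),
]


def report(inventory=INVENTORY):
    """Map each host to its status."""
    return {host: assess(inst, run) for host, inst, run in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

The "restart-needed" state is the case the article warns about: the patched build is on disk, but the browser that is actually open predates it.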

