High-severity Chrome vulnerabilities addressed

Four security vulnerabilities impacting Google Chrome, three of which were of high severity, have been fixed as part of the new Chrome 114 update, according to SecurityWeek. Among the high-severity bugs addressed was CVE-2023-3420, a type confusion issue in the browser's V8 JavaScript rendering engine discovered by GitHub Security Lab researcher Man Yue Mo, who was awarded $20,000 for reporting the flaw. Google also patched two use-after-free flaws that could be leveraged to facilitate sandbox escape. The first of these vulnerabilities, tracked as CVE-2023-3421, was identified and reported by Cisco Talos researcher Piotr Bania, who received a $10,000 bounty, while the second flaw, tracked as CVE-2023-3422, was found by security researcher asnine, who was given a $5,000 reward. The update comes after Cisco Talos released details regarding the already addressed use-after-free vulnerability in Chrome's ANGLE library, tracked as CVE-2023-1531. Visiting a specially crafted webpage could trigger the flaw, which could then enable data corruption and leaks, Cisco Talos said.
