Critical Vulnerability in Google Chrome

Security update addresses one Critical and three High severity vulnerabilities in Google Chrome

Threat ID:: CC-4341
Threat Severity:: Information only
Published:: 15 June 2023 1:09 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses one Critical and three High severity vulnerabilities in Google Chrome

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 114.0.5735.133 for Mac and Linux, all prior to 114.0.5735.133/134 for Windows

Google Chrome for Windows, macOS and Linux

Threat details

Introduction

Google has released a security update to address one Critical and three High severity vulnerabilities in Google Chrome for Windows, Mac, and Linux. The Critical severity vulnerability is a Use-After-Free vulnerability in Autofill payments, tracked as CVE-2023-3214.

Two of the High severity vulnerabilities are Use-After-Free vulnerabilities including CVE-2023-3215 which impacts WebRTC, and CVE-2023-3217 which impacts WebXR. The third High severity vulnerability, known as CVE-2023-3216, is a type confusion vulnerability.

A remote attacker could exploit one of these vulnerabilities to take control of affected system.

Remediation advice

Affected organisations are encouraged to review the Chrome Release and apply the necessary updates to the latest release.

Definitive source of threat updates

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html

CVE Vulnerabilities

Status Published

CVE-2023-3214

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Status Published

CVE-2023-3215

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Status Published

CVE-2023-3216

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Status Published

CVE-2023-3217

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Last edited: 15 June 2023 4:32 pm