Google Chrome Use-After-Free Vulnerability Leads to Browser Crash
The Google Chrome Stable Channel Update for Desktop, version 119.0.6045.159 for Mac and Linux and 119.0.6045.159/.160 for Windows, has been released and will be rolling out to all users soon. Two vulnerabilities were fixed: CVE-2023-5997 and CVE-2023-6112.
Both of these vulnerabilities were associated with use-after-free conditions in Garbage Collection and Navigation in Google Chrome. The National Vulnerability Database (NVD) has yet to confirm the severity of these vulnerabilities.
CVE-2023-5997: Use After Free in Garbage Collection
This vulnerability exists in Google Chrome versions prior to 119.0.6045.159, allowing a threat actor to exploit heap corruption via a crafted HTML page. Chromium has categorized this vulnerability as high severity.
Google rewarded this vulnerability with $10,000, but the reporter of this vulnerability was listed as anonymous.
CVE-2023-6112: Use After Free in Navigation
This vulnerability is related to the one described above; a threat actor can exploit it to cause heap corruption through a crafted HTML page. The severity of this vulnerability is yet to be confirmed.
Google Chrome did not provide details about the reward for this vulnerability, but it was reported by Sergei Glazunov of Google Project Zero.
In addition, several other fixes were related to regular fuzzing, internal audits, and other Google initiatives.
Users of Google Chrome are urged to upgrade to the latest version, 119.0.6045.159, to prevent these use-after-free conditions.
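The following is an added example, not part of the original article or Google's tooling: a small Python check that compares collected Chrome version strings against the fixed build 119.0.6045.159 named above. The function names and the sample inventory are assumptions made for illustration; versions are compared numerically because a plain string comparison would rank .99 above .159.

```python
import re

# Fixed build named in the article (Mac/Linux; Windows ships .159/.160).
FIXED = (119, 0, 6045, 159)

# Matches the four-part Chrome version inside strings such as
# "Google Chrome 119.0.6045.123".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True if at or above the fixed build, False if older, None if unreadable."""
    v = parse_version(text)
    if v is None:
        return None
    return v >= fixed


def triage(inventory):
    """Split (host, version_string) pairs into vulnerable and unknown hosts."""
    vulnerable, unknown = [], []
    for host, raw in inventory:
        status = is_patched(raw)
        if status is None:
            unknown.append(host)
        elif not status:
            vulnerable.append(host)
    return vulnerable, unknown


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = [
    ("mac-01", "Google Chrome 119.0.6045.159"),
    ("lin-02", "Google Chrome 119.0.6045.123"),
    ("win-03", "119.0.6045.160"),
    ("lin-04", "Google Chrome 118.0.5993.117"),
    ("win-05", "version unavailable"),
    ("mac-06", "Google Chrome 120.0.6099.62"),
]

if __name__ == "__main__":
    vulnerable, unknown = triage(SAMPLE)
    print("needs update:", vulnerable)
    print("could not determine:", unknown)
```

Hosts whose version cannot be parsed are reported separately rather than assumed patched.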
Source credit: cybersecuritynews.com