Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild.
Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities.
Four of the addressed flaws were reported by external researchers, who were awarded more than $26,500 for their findings. Below are the flaws reported by the researchers:
[$16000] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
[$3000] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
[$7500] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
[$TBD] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14
The good news is that Google is not aware of attacks in the wild exploiting any of these vulnerabilities.
Pierluigi Paganini
(SecurityAffairs – hacking, Chrome)
The post Chrome 109 update addresses six security vulnerabilities appeared first on Security Affairs.