Google this week announced the first stable release of Chrome 105, which comes with patches for 24 vulnerabilities, including 13 use-after-free and heap buffer overflow bugs.
Twenty-one of the resolved security defects were reported by external researchers, including one critical-, eight high-, nine medium-, and three low-severity vulnerabilities.
A total of nine use-after-free issues were resolved with the latest browser update, the most important of which is a critical flaw in the Network Service component, reported by Google Project Zero researcher Sergei Glazunov, the company notes in an advisory.
Chrome 105 also patches five high-severity use-after-free vulnerabilities, impacting browser components such as WebSQL, Layout, PhoneHub, and Browser Tag.
Google says it handed out between $5,000 and $10,000 for four of the issues, but has yet to determine the amount to be paid for the fifth.
Other high-severity bugs the latest Chrome update resolves include a heap buffer overflow in Screen Capture, an inappropriate implementation in Site Isolation, and an insufficient validation of untrusted input in V8.
Three of the medium-severity flaws that Chrome 105 patches are heap buffer overflow bugs, two are use-after-free issues, two insufficient policy enforcements, and two inappropriate implementations.
Google says it has paid more than $60,000 in bug bounty rewards to the reporting researchers, but the internet giant has yet to determine the amount to be paid for five of the bugs and the total amount could be higher.
The latest browser iteration is now rolling out to Mac and Linux users as Chrome 105.0.5195.52 and to Windows users as Chrome 105.0.5195.52/53/54.
Google made no mention of any of these vulnerabilities being exploited in malicious attacks.
So far this year, there have been five documented Chrome zero-day vulnerabilities exploited in attacks. The most recent of them was addressed roughly two weeks ago.
Related: Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104
Related: Chrome 103 Update Patches High-Severity Vulnerabilities
Related: Emergency Chrome 103 Update Patches Actively Exploited Vulnerability
Related: Google Patches Third Actively Exploited Chrome Zero-Day of 2022
More from Ionut Arghire
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
Latest News
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Google Patches Third Chrome Zero-Day of 2023
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
