SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 111 Patches 40 Vulnerabilities

Google has released Chrome 111 in the stable channel with patches for 40 vulnerabilities, including eight high-severity bugs

Google this week announced the release of Chrome 111 to the stable channel with patches for 40 vulnerabilities.

A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.

Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, DevTools, and WebRTC, for which Google handed out bounty rewards of $15,000, $4,000, and $3,000, respectively.

The internet giant’s advisory also mentions two type confusion flaws in V8 and CSS, awarded $10,000 and $7,000, respectively; a stack buffer overflow issue in Crash reporting, for which a $3,000 reward was paid; and two heap buffer overflow bugs in Metrics and UMA, for which rewards have yet to be determined.

Six of the externally reported medium-severity flaws are insufficient policy enforcement bugs impacting browser components such as extensions API, autofill, web payments API, navigation, and intents.

Additionally, Chrome 111 resolves medium-severity inappropriate implementation issues in permission prompts, WebApp installs, and autofill, a heap buffer overflow bug in the Web Audio API, and a use-after-free vulnerability in Core.

Advertisement. Scroll to continue reading.

The externally reported low-severity defects resolved with this browser update include two insufficient policy enforcement issues in Resource Timing, an inappropriate implementation flaw in intents, a type confusion bug in DevTools, and an inappropriate implementation vulnerability in Internals.

Google says it paid more than $90,000 in bug bounty rewards to the reporting researchers, but the total amount could be much higher, as the company has yet to determine the amounts to be handed out for several vulnerability reports.

The internet giant makes no mention of any of these vulnerabilities being exploited in attacks.

The latest Chrome iteration is currently rolling out as versions 111.0.5563.64/.65 for Windows and as version 111.0.5563.64 for Linux and macOS.

Related: Chrome 110 Patches 15 Vulnerabilities

Related: Security Update for Chrome 109 Patches 6 Vulnerabilities

Related: Chrome 109 Patches 17 Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Philip Martin has joined Uber as Chief Information Security Officer.

Fable Security has appointed Jacob Berry as Chief Information Security Officer.

iCOUNTER has named Ali Waezzadah as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.