Google this week announced the release of Chrome 111 to the stable channel with patches for 40 vulnerabilities.
A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.
Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, DevTools, and WebRTC, for which Google handed out bounty rewards of $15,000, $4,000, and $3,000, respectively.
The internet giant’s advisory also mentions two type confusion flaws in V8 and CSS, awarded $10,000 and $7,000, respectively; a stack buffer overflow issue in Crash reporting, for which a $3,000 reward was paid; and two heap buffer overflow bugs in Metrics and UMA, for which rewards have yet to be determined.
Six of the externally reported medium-severity flaws are insufficient policy enforcement bugs impacting browser components such as extensions API, autofill, web payments API, navigation, and intents.
Additionally, Chrome 111 resolves medium-severity inappropriate implementation issues in permission prompts, WebApp installs, and autofill, a heap buffer overflow bug in the Web Audio API, and a use-after-free vulnerability in Core.
The externally reported low-severity defects resolved with this browser update include two insufficient policy enforcement issues in Resource Timing, an inappropriate implementation flaw in intents, a type confusion bug in DevTools, and an inappropriate implementation vulnerability in Internals.
Google says it paid more than $90,000 in bug bounty rewards to the reporting researchers, but the total amount could be much higher, as the company has yet to determine the amounts to be handed out for several vulnerability reports.
The internet giant makes no mention of any of these vulnerabilities being exploited in attacks.
The latest Chrome iteration is currently rolling out as versions 111.0.5563.64/.65 for Windows and as version 111.0.5563.64 for Linux and macOS.
Related: Chrome 110 Patches 15 Vulnerabilities
Related: Security Update for Chrome 109 Patches 6 Vulnerabilities
