Google this week announced the release of a Chrome 113 security update that resolves a total of 12 vulnerabilities, including one rated ‘critical’. Six of the flaws were reported by external researchers.
The critical flaw, tracked as CVE-2023-2721 and reported by Qihoo 360 researcher Guang Gong, is described as a use-after-free issue in Navigation.
A remote attacker could craft an HTML page to trigger a heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page.
Use-after-free vulnerabilities are memory corruption bugs that occur when a pointer is not cleared after the memory allocation it references is freed, which could lead to arbitrary code execution, denial-of-service, or data corruption.
In Chrome, use-after-free issues can be exploited to escape the browser sandbox, although this also requires the attacker to target a vulnerability in the underlying system or in Chrome’s browser process.
The latest Chrome update addressed three other externally reported use-after-free flaws, all rated ‘high’ severity. The vulnerabilities impact the browser’s Autofill UI, DevTools, and Guest View components.
The new browser release also resolves a high-severity type confusion bug in the V8 JavaScript engine and a medium-severity inappropriate implementation issue in WebApp Installs.
Google says it paid $11,500 in bug bounties to the reporting researchers. However, the company has yet to determine the amounts to be paid for two of the vulnerabilities, including the critical-severity one, and the final amount could be higher.
The latest Chrome iteration is now rolling out as version 113.0.5672.126 for macOS and Linux, and as versions 113.0.5672.126/.127 for Windows.
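For administrators checking a fleet against the build numbers above, the following added example (not from Google or the article's author) sorts hosts into patched and outdated. It assumes a hypothetical `host,os,version` inventory format and treats 113.0.5672.126 as the minimum fixed build on every platform; the sample rows are constructed.

```python
# Added example: flag Chrome installs older than the build named in the article.
import re

# Fixed build from the article; .127 on Windows is also fixed, so .126 is the floor.
FIXED_BUILD = (113, 0, 5672, 126)
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Turn '113.0.5672.126' into a tuple of ints; reject malformed strings."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(version_text):
    # Tuple comparison is numeric per component, so 113.0.5672.93 sorts below
    # 113.0.5672.126 (a plain string comparison would get that wrong).
    return parse_version(version_text) >= FIXED_BUILD

def audit(inventory_lines):
    """Group host names into 'patched', 'outdated' and 'unparsed' lists."""
    report = {"patched": [], "outdated": [], "unparsed": []}
    for line in inventory_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:  # hypothetical format: host,os,version
            report["unparsed"].append(line.strip())
            continue
        host, _os_name, version = fields
        try:
            bucket = "patched" if is_patched(version) else "outdated"
        except ValueError:
            report["unparsed"].append(host)
            continue
        report[bucket].append(host)
    return report

# Constructed sample inventory (host, OS, Chrome version); not real data.
SAMPLE = [
    "ws-001,windows,113.0.5672.127",
    "ws-002,windows,113.0.5672.93",
    "mac-014,macos,113.0.5672.126",
    "lnx-007,linux,112.0.5615.165",
    "lnx-009,linux,unknown",
]

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE).items():
        print(bucket, hosts)
```

Hosts that land in `unparsed` need a manual check rather than being assumed patched.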
