SecurityWeek

Chrome 115 Patches 20 Vulnerabilities

Chrome 115 released with patches for 20 vulnerabilities, including 11 reported by external researchers, who earned thousands of dollars in bug bounties.

Google on Tuesday announced the release of Chrome 115 to the stable channel, with patches for 20 vulnerabilities, including 11 reported by external researchers.

Of the externally reported security defects, four are assessed with a ‘high severity’ rating. Based on the bug bounties paid for them, the most important of these are CVE-2023-3727 and CVE-2023-3728, two use-after-free issues in WebRTC. Google says it handed out a $7,000 reward for each of them.

The third high-severity flaw that Chrome 115 resolves is another use-after-free bug, this time in Tab Groups. Tracked as CVE-2023-3730, the vulnerability was awarded a $2,000 bug bounty.

The fourth high-severity issue, CVE-2023-3732, is described as an out-of-bounds memory access in Mojo. The bug was discovered by Google Project Zero researcher Mark Brand and, per Google’s policies, no bug bounty will be issued for it.

Chrome 115 resolves six externally reported medium-severity vulnerabilities, which are described as inappropriate implementation flaws in the WebApp Installs, Picture In Picture, Web API Permission Prompts, Custom Tabs, Notifications, and Autofill components.

This browser release also resolves a low-severity insufficient validation of untrusted input bug in Themes.

Google says it has paid a total of $34,000 in bug bounty rewards to the reporting researchers.

The internet giant makes no mention of any of the newly resolved vulnerabilities being exploited in malicious attacks.

As usual, technical details on the resolved vulnerabilities are kept under wraps until the latest Chrome update is installed by most users.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
