SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 120 Patches 10 Vulnerabilities

Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws.

Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities.

Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to Google’s advisory.

Based on the reward handed out, the most serious of the flaws is CVE-2023-6508, a high-severity use-after-free issue in Media Stream. Google says it paid out $10,000 for the bug.

Next in line is CVE-2023-6509, a high-severity use-after-free defect that impacts Chrome’s Side Panel Search component.

The latest browser release also resolves a medium-severity use-after-free vulnerability in Media Capture, and two low-severity inappropriate implementation flaws, in Autofill and Web Browser UI.

A type of memory corruption bugs that occur when the pointer is not cleared after freeing memory allocation, use-after-free issues could lead to the execution of arbitrary code, to data corruption, or denial-of-service.

Advertisement. Scroll to continue reading.

When combined with other vulnerabilities, use-after-free defects may be exploited to fully compromise a system.

In Chrome, use-after-free flaws could be exploited to escape the sandbox. For that, however, the exploitation of a security defect in the underlying operating system or in a privileged process is required.

Google has long fought memory corruption bugs and last year announced improved protections against the exploitation of use-after-free vulnerabilities in Chrome.

The latest Chrome iteration is now rolling out as version 120.0.6099.62 for macOS and Linux and as versions 120.0.6099.62/.63 for Windows.

Google also announced that it has updated the Chrome Extended Stable channel to version 120.0.6099.62 for macOS and to version 120.0.6099.63 for Windows.

The internet giant makes no mention of any of the addressed vulnerabilities being exploited in malicious attacks. Last week, Google pushed a Chrome security update to address CVE-2023-6345, the seventh zero-day flaw documented in the browser in 2023.

Related: Chrome 119 Patches 15 Vulnerabilities

Related: Chrome 118 Patches 20 Vulnerabilities

Related: Firefox, Chrome Updates Patch High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Philip Martin has joined Uber as Chief Information Security Officer.

Fable Security has appointed Jacob Berry as Chief Information Security Officer.

iCOUNTER has named Ali Waezzadah as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.