SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 120 Patches 10 Vulnerabilities

Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws.

Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities.

Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to Google’s advisory.

Based on the reward handed out, the most serious of the flaws is CVE-2023-6508, a high-severity use-after-free issue in Media Stream. Google says it paid out $10,000 for the bug.

Next in line is CVE-2023-6509, a high-severity use-after-free defect that impacts Chrome’s Side Panel Search component.

The latest browser release also resolves a medium-severity use-after-free vulnerability in Media Capture, and two low-severity inappropriate implementation flaws, in Autofill and Web Browser UI.

A type of memory corruption bugs that occur when the pointer is not cleared after freeing memory allocation, use-after-free issues could lead to the execution of arbitrary code, to data corruption, or denial-of-service.

Advertisement. Scroll to continue reading.

When combined with other vulnerabilities, use-after-free defects may be exploited to fully compromise a system.

In Chrome, use-after-free flaws could be exploited to escape the sandbox. For that, however, the exploitation of a security defect in the underlying operating system or in a privileged process is required.

Google has long fought memory corruption bugs and last year announced improved protections against the exploitation of use-after-free vulnerabilities in Chrome.

The latest Chrome iteration is now rolling out as version 120.0.6099.62 for macOS and Linux and as versions 120.0.6099.62/.63 for Windows.

Google also announced that it has updated the Chrome Extended Stable channel to version 120.0.6099.62 for macOS and to version 120.0.6099.63 for Windows.

The internet giant makes no mention of any of the addressed vulnerabilities being exploited in malicious attacks. Last week, Google pushed a Chrome security update to address CVE-2023-6345, the seventh zero-day flaw documented in the browser in 2023.

Related: Chrome 119 Patches 15 Vulnerabilities

Related: Chrome 118 Patches 20 Vulnerabilities

Related: Firefox, Chrome Updates Patch High-Severity Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: ROSI for CPS Security Programs
May 13, 2026

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Malwarebytes has named Chung Ip as Chief Financial Officer.

Semperis has appointed John Podboy as Chief Information Security Officer.

Randy Menon has become Chief Product and Marketing Officer at One Identity.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.