Google on Wednesday announced a Chrome 115 update that patches 17 vulnerabilities, including 11 flaws reported by external researchers.
The browser update resolves three high-severity type confusion bugs in the V8 JavaScript and WebAssembly engine that earned the reporting researchers over $60,000 in bug bounties, Google notes in its advisory.
The internet giant says it handed out $43,000 in rewards to a security researcher named ‘Jerry’, who reported two of these V8 issues, tracked as CVE-2023-4068 and CVE-2023-4070.
A $21,000 bug bounty was awarded to Man Yue Mo of GitHub Security Lab, for reporting the third type confusion bug, tracked as CVE-2023-4069.
The latest Chrome update resolves six other high-severity vulnerabilities. Based on the paid bug bounties, the most severe of these is CVE-2023-4071, a heap buffer overflow bug in Visuals.
Next in line is an out-of-bounds read and write issue in WebGL (CVE-2023-4072), followed by an out-of-bounds memory access flaw in the ANGLE graphics engine abstraction layer (CVE-2023-4073).
The remaining three high-severity security defects that were externally reported are use-after-free vulnerabilities in Blink Task Scheduling, Cast, and WebRTC.
The latest Chrome iteration also resolves two medium-severity bugs in Extensions: an insufficient data validation and an inappropriate implementation issue.
Google says it handed out a total of $123,000 in bug bounty rewards to the reporting researchers.
The latest Chrome release is currently rolling out as version 115.0.5790.170 for Mac and Linux and as versions 115.0.5790.170/.171 for Windows.
Google makes no mention of any of these vulnerabilities being exploited in attacks.
Related: Chrome 115 Patches 20 Vulnerabilities
Related: Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?
Related: Chrome 114 Update Patches Critical Vulnerability

More from Ionut Arghire
- Generative AI Startup Nexusflow Raises $10.6 Million
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
- Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers
- FBI Warns Organizations of Dual Ransomware, Wiper Attacks
- Lumu Raises $30 Million for Threat Detection and Response Platform
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts
- Russian Zero-Day Acquisition Firm Offers $20 Million for Android, iOS Exploits
Latest News
- Bankrupt IronNet Shuts Down Operations
- AWS Using MadPot Decoy System to Disrupt APTs, Botnets
- Generative AI Startup Nexusflow Raises $10.6 Million
- In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea
- Researchers Extract Sounds From Still Images on Smartphone Cameras
- National Security Agency is Starting an Artificial Intelligence Security Center
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks
