By Click&Clean - Wednesday, April 5, 2023. Yesterday, Google released the latest version of its Google Chrome web browser, Chrome 112, to the official stable channel for Windows, Mac, Linux, iOS, and Android. Google Chrome 112 is primarily a security update, but it also includes some new features and changes.
Google plans to roll out the upgrade over the coming days and weeks, but we recommend that you do not wait and instead update your Chrome web browser immediately to stay protected from potential cyber-attacks and other security threats.
After installing the security update, the page should show the following version of Chrome:
• Chrome version 112.0.5615.49 or 112.0.5615.50 on Windows
• Chrome version 112.0.5615.49 on Linux and Mac
• Chrome version 112.0.5615.46 on iOS
• Chrome version 112.0.5615.47 or 112.0.5615.48 on Android
The latest Chrome version 112 comes with a total of 16 security fixes, including 3 high-severity bugs, 9 medium-risk flaws, and 4 issues that are rated low-risk security vulnerabilities. Here's a list of security bugs that have been fixed in Chrome 112:
Heap-baced buffer overflow in Visuals (CVE-2023-1810) and Browser History (CVE-2023-1820) – These security vulnerabilities often leads to security errors that allow a cyber-attackers to cause arbitrary code execution and even a system crash.
Use-after-free bug in Frames (CVE-2023-1811) reported by Thomas Orlita, Networking APIs (CVE-2023-1815), and Vulkan (CVE-2023-1818) - These security bugs allow a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger an out-of-bounds read error and crash the web browser.
Out-of-bounds read in DOM (CVE-2023-1812) and Accessibility (CVE-2023-1819) - These security flaws allow a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger an out-of-bounds read error and crash the web browser.
Inappropriate implementation in Extensions (CVE-2023-1813), WebShare (CVE-2023-1821), and FedCM (CVE-2023-1823) - These security flaws allow a remote cyber-attacker to gain access to the user's sensitive information when the user visits a specially crafted malicious web page.
Input validation error in Safe Browsing (CVE-2023-1814) - This vulnerability allows a remote cyber-attacker to trick the victim to perform certain actions in web browser and then crash it.
Incorrect security UI in Picture In Picture (CVE-2023-1816) reported by NDevTK, Navigation (CVE-2023-1822) - These vulnerabilities allow a remote cyber-attacker to perform a spoofing attack when the user visits a specially crafted malicious web page.
Insufficient policy enforcement in Intents (CVE-2023-1817) - This security bug allows a remote attacker to bypass implemented security restrictions and gain access to sensitive information.
Starting with Chrome 112, Chrome apps no longer work and can't be installed from the Chrome Web Store. Google decided to discontinue these in favor of the more standardized Progressive Web Apps (PWAs).
Other new features and changes in this release cover lists mostly related to developers, such as CSS Nesting, CSS animation-composition property, WebGLContextEvent on Web Workers, WebAssembly Tail Call, APIPayment handler minimal header UX, Deprecate the "document.domain" setter, Deprecate non-standard "shadowroot" attribute for declarative shadow DOM, .etc.