By Click&Clean - Monday, June 5, 2023. Last week, Google released a major update in version 114 of its Chrome web browser for desktop and mobile platforms, including Windows, Mac, Linux, Chrome OS, iOS, and Android, fixing 16 different security vulnerabilities that affected previous versions of the web browser.
If you're still using an outdated, unsecure version of the web browser, don't risk your security and privacy—update your Chrome web browser to the latest stable and secure version 114 by clicking the button below.
Here is a list of Chrome versions that should be displayed on the page after the security update is installed:
• Chrome version 114.0.5735.110 on Windows
• Chrome version 114.0.5735.106 on Linux and Mac
• Chrome version 114.0.5735.99 on iOS
• Chrome version 114.0.5735.60 or 114.0.5735.61 on Android
The Chrome 114 update includes numerous fixes for security and privacy vulnerabilities. These fixes addressed 8 high-risk vulnerabilities, 4 medium-severity flaws, and 1 bug that were highlighted as low-risk vulnerability.
Out-of-bounds write in Swiftshader (CVE-2023-2929 High-risk) - This security bug allow a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger an out-of-bounds write and execute arbitrary code.
Out of bounds memory access in Mojo (CVE-2023-2934 High-risk) - This flaw allows a remote cyber-attacker to exploit heap corruption via a crafted malicious HTML page.
Use-after-free in Extensions (CVE-2023-2930 High-risk) - This security vulnerability allow a remote cyber-attacker who convinced a user to install a malicious extension, then trigger use-after-free error and execute arbitrary code to compromise vulnerable system.
Use-after-free in PDF (CVE-2023-2931 High-risk; CVE-2023-2932 High-risk; CVE-2023-2933 High-risk) - These security bugs allow a remote cyber-attacker to exploit heap corruption via a specially crafted PDF file.
Type Confusion in V8 component (CVE-2023-2935 High-risk; CVE-2023-2936 High-risk) - Successful exploitation of this security vulnerabilities could lead in complete compromise of affected system when the user visits a specially crafted malicious web page.
Inappropriate implementation in Picture-In-Picture (CVE-2023-2937 Medium-risk; CVE-2023-2938 Medium-risk) - These security flaws allow a remote cyber-attacker to compromise the renderer process to spoof the contents of the URL bar through a specially crafted web page.
Inappropriate implementation in Installer (CVE-2023-2939 Medium-risk) - This security vulnerability allow a remote attacker to perform privilege escalation through a created symbolic link and gain access to sensitive information.
Inappropriate implementation in Downloads (CVE-2023-2940 Medium-risk) - The vulnerability allow a remote cyber attacker, who has convinced a user to install a malicious extension, to bypass file access restrictions and gain access to sensitive information when the user visits a specially crafted malicious page.
Inappropriate implementation in Extensions (CVE-2023-2941 Low-risk) - This bug allows a remote attacker to spoof user interface (UI) content with a specially crafted malicious Chrome extension.
In Chrome 114, Google has implemented a security feature for Windows users called "Lock Profile Cookie Files on Disk" that helps protect cookie files on disk from malware attempting to gain unauthorized access to the cookie information.
Another security change in Chrome 114 is the improved "Safe Browsing" feature. Now, if "Safe Browsing" feature is set to "Standard" or "Enhanced" protection, Chrome will recursively unpack downloads of nested archives to improve protection against malware and unwanted software that often uses nested archives to spread malware.
The password manager has been rebranded and is now called "Google Password Manager." It comes with enhancements, such as the ability to add shortcut to the desktop, grouping of similar passwords, better passwords checking, and improved notes editing. Also, by enabling this Chrome flag: chrome://flags/#password-manager-redesign, you can add a "Google Password Manager" entry to the Chrome three-dots menu, which will make it much easier to access saved passwords.
Google is actively working on a big redesign of Chrome for desktop, which should be fully launched in September. However, if you want to see ongoing progress with new icons and revamped tab design, you can do so by enabling the chrome://flags/#chrome-refresh-2023 flag.
