Home Blog Chrome Cleaner

Google Chrome 118 Stable Patches 20 Security Issues

Keep Your Web Browser Secure and Protected

Chrome 118: Security Fixes, New Features, and Changes

By Click&Clean - Wednesday, October 18, 2023. Following the major Chrome 117 update four weeks ago, Google released the next significant Chrome update to version 118 via the Stable channel on Tuesday, October 10, for Windows, Mac, Linux, iOS, and Android platforms. Chrome 118 is primarily a security update, but it also includes new features, improvements, and changes.

Google Chrome 118
Click&Clean on FacebookClick&Clean on TwitterClick&Clean on YouTubeClick&Clean on Pinterest

Security and Data Protection Fixes in Chrome 118

The latest version of Chrome Stable 118 addressed 20 security bugs, including 14 reported by external researchers. One of the security vulnerabilities is rated as a critical security issue, six high-risk flaws, two medium-risk bugs, and five issues are assessed as low-risk vulnerabilities.

Use-after-free in Site Isolation (CVE-2023-5218 Security severity: Critical) - The vulnerability exists due to a bug in the Site Isolation component in Chrome web browser. This security flaw allows a remote cyber-attacker to cause a use-after-free error that could potentially allow them to execute arbitrary code on the target system when the user visits a specially crafted malicious HTML web page.

Inappropriate implementation in Fullscreen (CVE-2023-5487 Security severity: High) - Successful exploitation of the vulnerability could allowed a remote cyber-attacker to bypass navigation restrictions using a malicious Chrome extension, tricking the user into installing it and then gaining access to sensitive information.

Inappropriate implementation in Navigation (CVE-2023-5484 Security severity: High) and Downloads (CVE-2023-5481 Security severity: High) - This bug allows a remote attacker to spoof user interface (UI) content via a specially crafted malicious web page.

Inappropriate implementation in DevTools (CVE-2023-5475 Security severity: High) - This security vulnerability allow a remote cyber-attacker who has tricked a user into installing a malicious extension to bypass discretionary access control via a crafted Chrome Extension and then gain access to the user's sensitive information.

Inappropriate implementation in Intents (CVE-2023-5483 Security severity: High) - This flaw allows a cyber-attacker to bypass content security policy when the user visits a specially crafted malicious HTML web page.

Inappropriate implementation in Extensions API (CVE-2023-5479 Security severity: High) - This security flaw allows an attacker to trick the user into installing a malicious extension to bypass an enterprise policy through a crafted malicious web page and gain access to sensitive information.

Use-after-free in Blink History (CVE-2023-5476 Security severity: Medium) - This security bug allow a remote cyber-attacker to trick the user into visiting a malicious web page, then trigger a use-after-free error and gain access to the user's sensitive information.

Heap-baced buffer overflow in PDF (CVE-2023-5474 Security severity: Medium) - This vulnerability allows a remote attacker, after convincing a user to perform certain actions, to potentially exploit heap corruption using a specially crafted malicious PDF file and execute arbitrary code on the target system.

If you are still using an outdated, insecure version of your web browser, we recommend that you immediately update your Chrome web browser to the latest stable version to stay protected from potential cyber-attacks and other potential security threats.

Check and Update Chrome Now

The following versions (at the time of writing) of Chrome web browser should be listed on the "About Chrome" page after the security update is installed:

• Chrome versions 118.0.5993.88 and 118.0.5993.89 on Windows
• Chrome version 118.0.5993.88 on Linux and Mac
• Chrome Extended version 118.0.5993.71 on Windows
• Chrome Extended version 118.0.5993.70 on Mac
• Chrome version 118.0.5993.92 on iOS
• Chrome version 118.0.5993.80 on Android

What's New and Changes In Google Chrome 118

In Chrome 118, Google introduced support for Encrypted Client Hello (ECH) to enhance user security and privacy. ECH increases user privacy because network operators can no longer know what sites and services the user is accessing in the browser.

Another security feature in Chrome 118 gives Google the ability to remotely and automatically disable malicious extensions that weren't installed from the Chrome Web Store by "Safe Browsing" servers. To activate this feature, you need to enable "Enhanced Safe Browsing" in your web browser.

If "Enhanced Safe Browsing" is enabled, Chrome can now deeply scan encrypted archives such as ZIP, 7 ZIP, RAR, and other archive files, and prompt the user to provide the archive password along with the file contents.

Chrome 118 now supports creating and using passkeys from iCloud Keychain. Passkey support can be managed via chrome://password-manager/settings. This feature works starting with Chrome version 118 on macOS 13.5 and later.

Privacy & Security Guides

Take a look 📖
Don't Forget to Contribute ❤, Like & Share!

The best Cleaner App -Click&Clean, Safe and Secure Browsing!