Advisory for Google Chrome Security Updates
- NIC-CERT/2023-03/056
- Date: 2023-03-09
- CVE ID: Multiple
- Severity: High
Advisory for Google Chrome Security Updates
- Description:
Google has updated Chrome 111 to the stable channel for Windows, Mac and Linux.
- Security Issues Fixed:
Google update includes several security fixes in this release which includes vulnerabilities like Use after free in devtools, type confusion in css etc.
- Affected Products, CVE IDs and Solution:
This update includes 40security fixes. Below, we highlight fixes that were contributed by external researchers.
- CVE IDs:
|
CVE Id |
Description |
|
CVE-2023-1213: |
Use after free in Swiftshader |
|
CVE-2023-1214: |
Type Confusion in V8 |
|
CVE-2023-1215: |
Type Confusion in CSS |
|
CVE-2023-1216: |
Use after free in DevTools |
|
CVE-2023-1217: |
Stack buffer overflow in Crash reporting |
|
CVE-2023-1218: |
Use after free in WebRTC |
|
CVE-2023-1219: |
Heap buffer overflow in Metrics |
|
CVE-2023-1220: |
Heap buffer overflow in UMA |
|
CVE-2023-1221: |
Insufficient policy enforcement in Extensions API |
|
CVE-2023-1222: |
Heap buffer overflow in Web Audio API |
|
CVE-2023-1223: |
Insufficient policy enforcement in Autofill |
|
CVE-2023-1224: |
Insufficient policy enforcement in Web Payments API |
|
CVE-2023-1225: |
Insufficient policy enforcement in Navigation |
|
CVE-2023-1226: |
Insufficient policy enforcement in Web Payments API |
|
CVE-2023-1227: |
Use after free in Core. |
|
CVE-2023-1228: |
Insufficient policy enforcement in Intents. |
|
CVE-2023-1229: |
Inappropriate implementation in Permission prompts |
|
CVE-2023-1230: |
Inappropriate implementation in WebApp Installs. |
|
CVE-2023-1231: |
Inappropriate implementation in Autofill |
- References:
https://chromereleases.googleblog.com/
