Google Chrome 109 update addresses six security vulnerabilities

Pierluigi Paganini January 25, 2023

Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild.

Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities.

Four of the addressed flaws were reported by external researchers that were awarded for more than $26,500 for their findings. Below are the flaws reported by the researchers:

  • [$16000][1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
  • [$3000][1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
  • [$7500][1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
  • [$TBD][1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14

The good news is that Google is not aware of attacks in the wild exploiting one of these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment