Google has recently rolled out Chrome 113, an update that mends security flaws, including a critical use-after-free vulnerability that could lead to arbitrary code execution, denial-of-service, or data corruption if exploited by an attacker. This vulnerability, tracked as CVE-2023-2721, was reported to Google by Qihoo 360 researcher Guang Gong and affects the Navigation component in Chrome. Gong described the use-after-free flaw as heap corruption triggered by a remote attacker using an HTML page.
## The Use-After-Free Vulnerability Explained
Use-after-free vulnerabilities are memory corruption bugs that arise when a program frees a memory allocation but does not invalidate the pointers to it, and then goes on using one of those stale pointers. Attackers can exploit these vulnerabilities to execute arbitrary code, such as malware or exploit kits. Chrome users would need to visit a malicious website for an attacker to trigger the flaw, which makes this vulnerability less dangerous than those that can be exploited without user interaction, such as those seen in drive-by downloads or watering hole attacks.
However, use-after-free vulnerabilities are critical issues since they can enable attackers to escape the security sandbox, an isolation mechanism designed to restrict access to system and application resources beyond what is necessary for web browsing. Chrome’s sandboxed environment provides an additional layer of security, rendering it significantly harder for an attacker to gain a foothold in a targeted system.
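The definition above names the root cause: pointers that stay live after the memory is freed. The following added example (not code from Chrome or from the original article; every name in it is hypothetical) shows one common defensive pattern in C, where callers hold generation-checked handles instead of raw pointers, so a reference to a freed or reused slot is rejected rather than dereferenced.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy registry for illustration; not Chrome code. */
#define SLOTS 4
typedef struct { char url[64]; } nav_entry;          /* constructed object type */
typedef struct { nav_entry *obj; uint32_t gen; } slot;
typedef struct { uint32_t index, gen; } handle;      /* held by callers instead of a raw pointer */
static slot table[SLOTS];

/* Allocate an entry; the handle is bound to the slot's current generation. */
handle entry_create(const char *url) {
    handle h = { SLOTS, 0 };                          /* index == SLOTS means "invalid" */
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].obj != NULL) continue;
        nav_entry *e = calloc(1, sizeof *e);
        if (e == NULL) return h;
        strncpy(e->url, url, sizeof e->url - 1);      /* calloc keeps it NUL-terminated */
        table[i].obj = e;
        h.index = i; h.gen = table[i].gen;
        return h;
    }
    return h;                                         /* table full */
}

/* Resolve a handle; NULL for freed, reused, or out-of-range handles. */
nav_entry *entry_get(handle h) {
    if (h.index >= SLOTS) return NULL;
    if (table[h.index].obj == NULL || table[h.index].gen != h.gen) return NULL;
    return table[h.index].obj;
}

/* Free the object, clear the owning pointer, and bump the generation so
   every outstanding handle to this slot goes stale. Returns 0 on success. */
int entry_destroy(handle h) {
    if (entry_get(h) == NULL) return -1;              /* also rejects a double free */
    free(table[h.index].obj);
    table[h.index].obj = NULL;
    table[h.index].gen++;
    return 0;
}

int main(void) {
    handle h = entry_create("https://example.test/a"); /* constructed sample value */
    handle stale = h;                                  /* second holder of the same reference */
    entry_destroy(h);
    return entry_get(stale) == NULL ? 0 : 1;           /* 0: stale handle was rejected */
}
```

With raw pointers, the copy held by the second caller would still point at freed memory after the destroy call; here the generation mismatch turns that use into a checked failure.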
## Other Vulnerabilities Patched in the Latest Update
The Chrome 113 update also addresses other risks, including three high-severity and eight medium-severity vulnerabilities. Among the vulnerabilities patched, four were observed internally by Google, and six were reported by external researchers. Google paid out $11,500 in bug bounties but has not yet determined the final payment amount for two vulnerabilities, including the one classified as critical.
Apart from the critical use-after-free vulnerability, the latest update also fixed other use-after-free flaws rated ‘high’ severity discovered by external researchers in the Autofill UI, DevTools, and Guest View components. In addition to these, a type confusion bug in the V8 JavaScript engine and an inappropriate implementation issue in WebApp Installs were also resolved.
## Conclusion
Google has resolved the vulnerabilities with Chrome 113, making it critical for users to update their browsers to maintain a secure browsing experience. For Chrome users, it is essential to ensure that they are running the updated version of the browser for protection against the critical use-after-free flaw and other vulnerabilities. However, the importance of maintaining cyber hygiene practices remains a priority as cyber threats continue to evolve. It is crucial to run reputable anti-virus software, avoid opening unsolicited emails, and refrain from clicking on unknown links.