The community help forum is also a great place to reach out for help or learn about common issues.As of May 18, 2023, the following browser compatibility exists (order is completely arbitrary):įirst by operation system, links to individual browsers by system will follow the list by OS. If you find a new issue, please let us know by filing a bug. Interested in switching release channels? Find out how here. Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. High CVE-2023-2725: Use after free in Guest View. Reported by Sergei Glazunov of Google Project Zero on High CVE-2023-2724: Type Confusion in V8. High CVE-2023-2723: Use after free in DevTools. High CVE-2023-2722: Use after free in Autofill UI. Reported by Guang Gong of Alpha Lab, Qihoo 360 on Critical CVE-2023-2721: Use after free in Navigation. Please see the Chrome Security Page for more information. Below, we highlight fixes that were contributed by external researchers. A full list of changes in this build is available in the log. The Stable channel has been updated to 1.126 for Mac and Linux and 1.126/.127 for Windows, which will roll out over the coming days/weeks. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Various fixes from internal audits, fuzzing and other initiatives We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.Īs usual, our ongoing internal security work was responsible for a wide range of fixes: Low CVE-2023-2941: Inappropriate implementation in Extensions API. Medium CVE-2023-2940: Inappropriate implementation in Downloads. Medium CVE-2023-2939: Insufficient data validation in Installer. Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. High CVE-2023-2936: Type Confusion in V8. High CVE-2023-2935: Type Confusion in V8. Reported by Mark Brand of Google Project Zero on High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Quang Nguyễn of Viettel Cyber Security and Nguyen Phuong on High CVE-2023-2933: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on High CVE-2023-2932: Use after free in PDF. High CVE-2023-2931: Use after free in PDF. High CVE-2023-2930: Use after free in Extensions. High CVE-2023-2929: Out of bounds write in Swiftshader. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.
0 Comments
Leave a Reply. |