- 81/2023
- High
Google has released an updated Chrome version (112.0.5615.49/50) for Windows and (112.0.5615.49) for Linux and Mac to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, bypass security restrictions, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system.
Sample of the addressed vulnerabilities:
1. Google Chrome Heap Buffer Overflow in Visuals (CVE-2023-1810):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Google Chrome Out of Bounds Memory Access in DOM (CVE-2023-1811):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
Vulnerabilities
- CVE-2023-1810
- CVE-2023-1811
- CVE-2023-1812
- CVE-2023-1813
- CVE-2023-1814
- CVE-2023-1815
- CVE-2023-1816
- CVE-2023-1817
- CVE-2023-1818
- CVE-2023-1819
- CVE-2023-1820
- CVE-2023-1821
- CVE-2023-1822
- CVE-2023-182
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.