Four security vulnerabilities impacting Google Chrome, three of which were of high severity, have been fixed as part of the new Chrome 114 update, according to SecurityWeek.
Among the high-severity bugs addressed was CVE-2023-3420, a type confusion issue in the browser's V8 JavaScript rendering engine discovered by GitHub Security Lab researcher Man Yue Mo, who was awarded $20,000 for reporting the flaw. Google also patched two use-after-free flaws that could be leveraged to facilitate sandbox escape. The first of such vulnerability, tracked as CVE-2023-3421, was identified and reported by Cisco Talos researcher Piotr Bania, who received a $10,000 bounty, while the second flaw, tracked as CVE-2023-3422, was found by security researcher asnine, who was given a $5,000 reward. The update comes after details regarding the already addressed use-after-free Chrome ANGLE library vulnerability, tracked as CVE-2023-1531, have been released by Cisco Talos. Access to a specially crafted webpage could prompt the flaw, which could then enable data corruption and leaks, Cisco Talos said.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news