Chrome官网安全更新（2023-10-18） | KnowSafe漏洞情报平台

基本信息

发布日期2023-10-18
感知时间2023-10-18
漏洞类型安全更新
风险等级未知
更新版本未知
情报贡献TSRC

更新标题

Stable Channel Update for ChromeOS/ChromeOS Flex

更新详情

The Stable channel is being updated to 118.0.5993.86&nbsp;(Platform version:&nbsp;15604.45.0)&nbsp;for most ChromeOS devices and will be rolled out over the next few days.&nbsp;This build contains a number of bug fixes and security updates.If you find new issues, please let us know one of the following ways:File a bug&nbsp;Visit our ChromeOS communitiesGeneral:&nbsp;Chromebook Help CommunityBeta Specific:&nbsp;ChromeOS Beta Help CommunityReport an issue or send feedback on ChromeInterested in switching channels?&nbsp;Find out how.Cole Brown,Google ChromeOSSecurity Fixes and RewardsChromeOS Vulnerabiltity Rewards Program Reported Bug Fixes:[$5000] [1472943] High CVE-NA Use-after-free in Virglrenderer. Reported by rinngo on 2023-08-15[$7000] [1473956] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-15[$5000] [1472566] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-14[$1000] [1473015] Medium CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-18[$1000] [1474235] Medium CVE-NA Out-of-Bound Read in Virglrenderer. Reported by zx on 2023-08-20[$500] [1475224] Low CVE-NA DoS in Virglrenderer. Reported by Bugreporterca on 2023-08-23We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.Chrome Browser Security Fixes:[TBD][1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27[$2000][1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30[$1000][1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28[$1000][1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20[$500][1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09[$6000][1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02[$3000][1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12[$1000][1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29[$1000][1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18Other 3rd Party Security Fixes Included:[NA]&nbsp; [299481133] High Fixes CVE-2023-4921 in Linux KernelAndroid Runtime Container Security Fixes:[NA]&nbsp; [NA] Medium Fixes CVE-2023-21143 on impacted platforms[NA]&nbsp; [NA] Medium Fixes CVE-2020-29374 on impacted platformsUsers who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.&nbsp;To see fixes included in the Long Term Stable channel, see the release notes.

软件描述

Google Chrome是一款由Google公司开发的网页浏览器，该浏览器基于其他开源软件撰写，包括WebKit，目标是提升稳定性、速度和安全性，并创造出简单且有效率的使用者界面

CVE编号

Knowsafe分析

暂无

业界资讯

暂无

来源链接

https://chromereleases.googleblog.com/2023/10/stable-channel-update-for.html