Google released a round of security update for Chrome 113 for Windows, Linux, and Mac addressing yet another critical zero-day vulnerability. The update addresses a total of 12 vulnerabilities, the most severe of which could lead to arbitrary code execution. An attacker could use the flaw to gain full system access.

The released security updates are for Google Chrome users on Windows, macOS, and Linux, which include zero-day vulnerability:

• CVE-2023-2721: Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Security Risks

Successful exploitation of the identified vulnerabilities could allow remote attackers to potentially execute arbitrary code by exploiting a use-after-free condition through a crafted HTML page. This can lead to system compromise, unauthorized access, and information theft. Users should update Chrome to version 113.0.5672.126 or later to mitigate the risk.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

The released software versions to upgrade to are:

• Chrome 113.0.5672.126/.127 for Windows

• Chrome 113.0.5672.126 for Mac and Linux

• Chrome Beta 114 (114.0.5735.33) for Android

• Chrome Stable 113 (113.0.5672.121) for iOS

2. Before performing any update tasks, ensure that you have a backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009

References

Chrome Releases

cve.mitre.org/cgi-bin/cvename.cgi