Chrome 111 Update Patches High-Severity Vulnerabilities
Google this week announced a Chrome 111 update that brings patches for eight vulnerabilities, including seven flaws that were reported by external researchers. All seven of the externally reported issues are high-severity memory safety bugs, with four of them described as use-after-free vulnerabilities, a type of bug that could lead to arbitrary code execution, data corruption, or denial of service. The update includes patches for two out-of-bounds read issues in GPU Video and ANGLE, and four use-after-free issues in Chrome’s Passwords component, WebHID, PDF, and the ANGLE graphics engine. Google paid out a $10,000 bug bounty for the Passwords component flaw, and $8,000 for the WebHID issue. CVEs: CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534 [View Article](https://www.securityweek.com/chrome-111-update-patches-high-severity-vulnerabilities/)