Google released a security update for Chrome 116 in response to 5 new vulnerabilities. The most severe of these could lead to remote code execution if successfully exploited. This could in turn lead to privilege escalation, data theft, denial of service, and more. We have added a new report to Lansweeper to help you locate vulnerable devices.
5 New Google Chrome Vulnerabilities
The new Chrome update fixes 5 new vulnerabilities, 4 of which are high severity and 1 medium. When successfully exploited, these vulnerabilities can lead to arbitrary code execution in the context of the logged-on user. This could allow an attacker to install programs, compromise sensitive data, or escalate privileges. You can find more information on Chrome’s release page.
| CVE Code | Severity | Description |
| --- | --- | --- |
| CVE-2023-4430 | High | Use after free in Vulkan |
| CVE-2023-4429 | High | Use after free in Loader |
| CVE-2023-4428 | High | Out of bounds memory access in CSS |
| CVE-2023-4427 | High | Out of bounds memory access in CSS |
| CVE-2023-4431 | Medium | Out of bounds memory access in Fonts |
Update Vulnerable Chrome Installations
In order to keep your network and your organization secure, you should update any installations of Google Chrome to the latest version. For Windows that is 116.0.5845.110/.111, for Mac and Linux 116.0.5845.110. Further details regarding the vulnerabilities addressed will remain restricted until a majority of users has had the chance to update.
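The version check described above can be scripted against any software inventory export. The following is an added example, not Lansweeper's report or code from this page; the CSV layout, column names, hostnames and sample versions are constructed assumptions. It compares versions numerically, because a plain string comparison ranks 116.0.5845.97 above 116.0.5845.110 and would miss an outdated install.

```python
import csv
import io

# Fixed builds stated in the advisory above. Windows shipped .110/.111, so .110 is the floor.
FIXED = {
    "windows": (116, 0, 5845, 110),
    "mac": (116, 0, 5845, 110),
    "linux": (116, 0, 5845, 110),
}

# Constructed sample inventory export (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,os,chrome_version
ws-001,windows,116.0.5845.111
ws-002,windows,116.0.5845.97
mac-001,mac,116.0.5845.110
lnx-001,linux,115.0.5790.170
ws-003,windows,not installed
lnx-002,linux,117.0.5938.62
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a Chrome version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Classify each row as 'ok', 'vulnerable' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["chrome_version"])
        floor = FIXED.get(row["os"].strip().lower())
        if version is None or floor is None:
            # Unparseable version or unlisted platform: flag for manual review.
            results[row["hostname"]] = "unknown"
        elif version < floor:
            results[row["hostname"]] = "vulnerable"
        else:
            results[row["hostname"]] = "ok"
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `unknown` should be reviewed by hand rather than treated as patched.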
Discover Vulnerable Chrome Installs
To help you locate vulnerable installations of Google Chrome in your network, we have added a new report to Lansweeper. This way you have an actionable list of devices that still need to be updated to the new version. You can get the report via the link below.