⚡ TL;DR | Go Straight to the Google Chrome 109 Vulnerability Audit Report
Google has released a security update for the desktop version of Google Chrome 109 for Windows, Linux, and Mac in response to a number of vulnerabilities. Two use-after-free vulnerabilities have been rated high severity, though there are currently no reports of them being exploited in the wild. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, which in turn can compromise sensitive data.
High Severity Vulnerabilities Could Lead to Arbitrary Code Execution
The update issued on the 24th of January includes 6 security fixes. Two of them (CVE-2023-0471 and CVE-2023-0472) have been given a high severity rating. Both are use-after-free vulnerabilities, in WebTransport and WebRTC respectively. When exploited, they can lead to arbitrary code execution in the context of the logged-on user. That would allow an attacker to install programs; view, change, or delete data; or create new accounts, depending on the privileges associated with the logged-on user. So far, there have been no reports of the vulnerabilities being exploited in the wild.
Update Vulnerable Google Chrome Installations
For now, Google is not releasing any further details, to prevent further exploitation of the vulnerabilities until a majority of users has had a chance to update to the fixed version of Chrome. To protect yourself, Google advises that you update all Google Chrome installations to the new fixed version. For Windows that is version 109.0.5414.119/.120; for Mac and Linux it is version 109.0.5414.119. You can find more information about the security update on Google’s release blog.
Discover Vulnerable Chrome Installs
Our team has created a special report that lists all computers in your network that haven’t been updated to the latest version of Chrome 109 yet. This gives you an actionable list of all installs that are at risk so you can update them accordingly. You can get to the report via the link below.
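The check behind such a report is a version comparison against the fixed builds named above. The following is an added example, not the report described in this post or any vendor's code; it assumes you already have an inventory of hostnames, platforms, and installed Chrome versions (here a constructed sample list). It compares version strings component by component, because a plain string comparison would rank the unpatched "109.0.5414.74" above "109.0.5414.119" and miss it.

```python
"""Flag Chrome installs below the fixed 109 build (added example, not the vendor's report)."""
import re

# Minimum fixed versions from the advisory. Windows shipped both .119 and .120,
# so anything at or above .119 is treated as patched on every platform.
FIXED_VERSION = {
    "windows": (109, 0, 5414, 119),
    "mac": (109, 0, 5414, 119),
    "linux": (109, 0, 5414, 119),
}


def parse_version(text):
    """Turn '109.0.5414.119' into (109, 0, 5414, 119); reject anything else."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised Chrome version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version):
    """True if the installed version is at or above the fixed build for that platform."""
    key = platform.lower()
    if key not in FIXED_VERSION:
        raise ValueError(f"unknown platform: {platform!r}")
    # Tuple comparison is numeric per component, unlike comparing the raw strings.
    return parse_version(version) >= FIXED_VERSION[key]


def find_unpatched(inventory):
    """Return [(host, platform, version)] still needing the update, oldest build first."""
    outdated = [row for row in inventory if not is_patched(row[1], row[2])]
    return sorted(outdated, key=lambda row: parse_version(row[2]))


# Constructed sample inventory: (hostname, platform, installed Chrome version).
# Hostnames and the mix of builds are made up for this example.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "109.0.5414.120"),
    ("ws-002", "windows", "109.0.5414.74"),
    ("ws-003", "windows", "108.0.5359.125"),
    ("mac-010", "mac", "109.0.5414.119"),
    ("lx-020", "linux", "109.0.5414.74"),
]

if __name__ == "__main__":
    for host, platform, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host:<10} {platform:<8} {version:<16} needs update")
```

Feed it the rows from whatever inventory tool you use; the only thing the comparison needs is the raw version string Chrome reports. Keep the component-wise comparison even if you port this to a SQL report, since version columns stored as text sort lexically and will hide exactly the builds you are looking for.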