Among Google’s numerous applications, Chrome is undoubtedly one of those that the development team pays the most attention to. Accordingly, the company has now initiated the release of another update for the browser: Chrome 115. Once again, the search engine operator is mainly focused on fixing bugs. This emerges from an entry in Google’s in-house blog. Accordingly, the update to Chrome 115 closes a total of 20 security gaps. Google only reveals details about the leaks reported by external persons – eleven in number. Google classifies four of them as high-risk, six as medium threat and one as low risk for users.
Vulnerabilities that are patched
We’d like to note that four of the vulnerabilities that are patched are of “high severity.”
- The first bug is an issue related to CVE-2023-3727, CVE-2023-3728
- The second vulnerability is two issues related to the use of WebRTC.
- The third serious vulnerability that Chrome 115 addresses is another one, is in the tab group. Tracked as CVE-2023-3730.
- The fourth serious issue, CVE-2023-3732, is Googled as memory overrun in Mojo. This bug was discovered by Google’s Project Zero team.
Also, six external medium severity vulnerabilities have been fixed in Chrome 115, described as flaws in the implementation of WebApp Installs, Picture In Picture, Web API Permission Prompts, Custom Tabs, Notifications, and Autofill components. And lastly, a low severity bug related to insufficient input validation in the Themes component has been fixed.
Google is silent on whether any of the newly patched vulnerabilities have been exploited previously in browser attacks. Technical details about the vulnerabilities are usually kept secret until users update Google’s software so no details from the company itself will be forthcoming.
These bugs were in Google Chrome
According to the available information, two of the most serious vulnerabilities affect the WebRTC component. Here, attackers can cause a so-called “use after free” error, which can lead to the execution of arbitrary code. There is even the possibility that cybercriminals could gain access to the system. A gap in the Mojo component also allows memory access outside the reserved limits. Other vulnerabilities are in the WebApp Installs, Picture in Picture, Web API Permission Prompts, Custom Tabs, Notifications, Autofill and Themes components.
Chrome 115: Update available now
According to the available information, the update to Chrome 115 is now available for all major platforms, such as Windows, macOS and Linux, as well as iOS, iPadOS and Android. Since the browser updates itself by default, you do not actually have to do anything. If you want to be on the safe side, you can trigger the update process manually. To do so, go to the “Help” menu item in the Google browser’s settings and click on “About Chrome” – the software will then download the latest update. Finally, you only have to restart the browser to install the update. On mobile devices, you need to go to the manufacturer’s app store to download the latest version.
FAQs
1. Will the Chrome 115 update affect my browsing data and history?
No, the Chrome 115 update prioritizes user privacy, and your browsing data and history remain intact during the update process. However, we recommend backing up your data regularly for added peace of mind.
2. Can I disable the AI-driven content recommendations?
Yes, you have the option to disable the AI-driven content recommendations in Chrome 115. Head to the settings, navigate to “Recommendations,” and toggle the feature as per your preference.
3. Is Chrome 115 available for all operating systems?
Yes, the Chrome 115 update is available for various operating systems, including Windows, macOS, Linux, iOS, and Android.
