Google on Tuesday announced the release of Chrome 119 to the stable channel with patches for 15 vulnerabilities, including 13 reported by external researchers.
Three of the externally reported bugs have a severity rating of ‘high’, and are described as inappropriate implementation in Payments (CVE-2023-5480), insufficient data validation in USB (CVE-2023-5482), and integer overflow in USB (CVE-2023-5849).
Google says in its advisory that it has paid out $16,000 for the first flaw and $11,000 for the second, and that it has yet to determine the amount to be awarded for the third issue.
Of the remaining 10 security defects reported by external researchers, eight are rated ‘medium severity’, and two have a severity rating of ‘low’.
Half of the medium-severity bugs are use-after-free issues impacting Chrome’s Printing, Profiles, Reading Mode, and Side Panel components. The other half consists of two incorrect security UI issues and two inappropriate implementation flaws in Downloads.
The low-severity defects addressed this week include an inappropriate implementation in WebApp Provider and an incorrect security UI in ‘Picture In Picture’, Google notes.
The internet giant says it has paid out over $40,000 in bug bounty rewards to the reporting researchers. However, with the bounties for three of the bugs yet to be determined, the final amount might be much higher.
As usual, Google is keeping access to the bugs restricted “until a majority of users are updated with a fix”.
The latest Chrome iteration is now rolling out to users as version 119.0.6045.105 for Linux and macOS, and as versions 119.0.6045.105/.106 for Windows.
Chrome for Android was also updated on Tuesday, bringing the same security fixes as the desktop version of the browser, Google says. Chrome 119 was pushed to iOS as well.
Google makes no mention of any of these vulnerabilities being exploited in the wild.