Google has announced the release of Chrome 109 to the stable channel with fixes for 17 vulnerabilities, including 14 bugs reported by external researchers.
Most of them are medium- and low-severity flaws, and only two are rated high severity.
These are a use-after-free issue in Overview Mode (CVE-2023-0128) and a heap buffer overflow in the network service (CVE-2023-0129).
The first was discovered on August 16, 2022 by the researcher Khalil Zhani; the second was reported by Asnine on November 7, 2022.
Google says it paid them rewards of $4,000 and $2,000, respectively, for the discovery of these vulnerabilities.
In the latest version of the browser, a total of eight medium-severity bugs have been fixed, five of which are implementation problems in Chrome components such as API, iframe sandbox and permission requests.
The remaining issues include two use-after-free vulnerabilities in Cart and a heap buffer overflow in Platform Apps.
Chrome 109 also includes fixes for four low-severity vulnerabilities reported by external researchers.
Google notes that the highest bug bounty was paid for one of the low-severity issues: CVE-2023-0138, a heap buffer overflow in the libphonenumber component.
The researcher received a reward of $8,000, while the highest reward for a medium-severity bug was $5,000.
In total, Google has paid $39,000 to researchers who reported bugs, but the final amount may be higher because the company has yet to determine a reward for one of the medium-severity problems.
Chrome is currently available in the latest version 109.0.5414.74 for Linux, 109.0.5414.74/.75 for Windows and 109.0.5414.87 for macOS.
Google did not mention any of these vulnerabilities being exploited in malicious attacks.