8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
74.3%
The Stable channel is being updated to 109.0.5414.94 (Platform version:15236.66.0) for most ChromeOS devices and will be rolled out over the next few days.
For Chrome browser fixes, see the Chrome Desktop release announcement.
If you find new issues, please let us know one of the following ways:
Interested in switching channels? Find out how.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
[$4000] [1353208] High CVE-2023-0128 Use-after-free in Ash. Reported by Khalil Zhani
[$TBD] [1399904] Medium CVE-2023-0137 Container Overflow in ChromOS. Reported by Avaue and Buff3tts at S.S.L.
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.