KLA20181 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

1. Use after free vulnerability in GuestView can be exploited to cause denial of service or execute arbitrary code.
2. Type confusion vulnerability in ServiceWorker API can be exploited to cause denial of service.
3. Use after free vulnerability in WebRTC can be exploited to cause denial of service or execute arbitrary code.
4. Use after free vulnerability in WebTransport can be exploited to cause denial of service or execute arbitrary code.
5. Policy enforcement vulnerability in Intents can be exploited to cause denial of service.

Original advisories

Stable Channel Update for Desktop

Related products

Google-Chrome

CVE list

CVE-2023-0474 critical

CVE-2023-0473 critical

CVE-2023-0472 critical

CVE-2023-0471 critical

CVE-2022-4926 high

Solution

Update to the latest version

Download Google Chrome

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Google Chrome earlier than 109.0.5414.120