Chrome 150 Update Patches 27 Vulnerabilities

https://www.securityweek.com/wp-content/uploads/2023/04/Chrome-Zero-Day-exploits.jpg

Google on Wednesday announced a Chrome 150 security update that resolves 27 vulnerabilities, including two critical-severity flaws.

The two critical bugs are use-after-free issues in Chrome’s Ozone and Views components. Both were found by Google last month.

The Chrome refresh resolves a total of 13 use-after-free defects, including 10 high-severity and one medium-severity weakness.

Other types of vulnerabilities patched in this update include uninitialized use, integer overflow, out-of-bounds read and write, insufficient validation of untrusted input, inappropriate implementation, insufficient data validation, and insufficient policy enforcement.

Most of these flaws were discovered by Google, a trend that has been ongoing for over two months. Per Google’s advisory, only three of the newly resolved security defects were reported by external researchers, who received a total of $3,000 in bug bounty rewards.

Likely driven by the use of AI, the trend led to lower bug bounty rewards but resulted in far...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more