Google Chrome was updated to mitigate a handful of high-severity vulnerabilities

In late April the popular browser received two consecutive updates, on 14 and 18 April. Let's walk through them.

The Windows, Mac and Linux versions were first updated to version 112.0.5615.121 to address CVE-2023-2033, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Then came another update, to 112.0.5615.137 (for Windows and Mac) and 112.0.5615.165 (for Linux), which fixes the following bugs:

  • CVE-2023-2133, CVE-2023-2134: Out of bounds memory access in Service Worker API
  • CVE-2023-2135: Use after free in DevTools
  • CVE-2023-2136: Integer overflow in Skia
  • CVE-2023-2137: Heap buffer overflow in sqlite

All of the above-mentioned bugs were found by various security researchers in March and April. Major Linux distributions can already supply the updated version via their package managers.
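
A quick way to check an inventory against the fixed versions listed above. This is an added example, not part of the original article: the host names and inventory rows are constructed, and it assumes any build numerically higher than a fixed version also carries that fix.

```python
import re

# (first fixed version per platform, CVEs addressed), taken from the article.
FIXES = [
    ({"windows": "112.0.5615.121", "mac": "112.0.5615.121",
      "linux": "112.0.5615.121"},
     ["CVE-2023-2033"]),
    ({"windows": "112.0.5615.137", "mac": "112.0.5615.137",
      "linux": "112.0.5615.165"},
     ["CVE-2023-2133", "CVE-2023-2134", "CVE-2023-2135",
      "CVE-2023-2136", "CVE-2023-2137"]),
]

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so builds compare numerically
    (as strings, '...5615.49' would wrongly sort above '...5615.121')."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def unpatched_cves(platform, installed):
    """Return the CVEs from the article that the installed build still lacks."""
    platform = platform.lower()
    have = parse_version(installed)
    missing = []
    for fixed_in, cves in FIXES:
        if platform not in fixed_in:
            raise ValueError(f"unknown platform: {platform!r}")
        if have < parse_version(fixed_in[platform]):
            missing.extend(cves)
    return missing

def audit(inventory):
    """Map host -> list of unpatched CVEs, or an error string for bad rows."""
    report = {}
    for host, platform, version in inventory:
        try:
            report[host] = unpatched_cves(platform, version)
        except ValueError as exc:
            report[host] = f"error: {exc}"
    return report

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [("ws-01", "windows", "112.0.5615.137"),
          ("lx-07", "linux", "112.0.5615.137"),   # Linux needs .165
          ("mb-03", "mac", "112.0.5615.49")]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, result or "patched")
```

Note that a Linux host reporting 112.0.5615.137 is still exposed to the second batch of bugs, because the Linux fix shipped in 112.0.5615.165.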

Useful Links