Chrome from Google (‘Alphabet’), the browser, is presently being used by almost 7 (seven) users among 10 (ten), across the globe. However, the browser is not spared from the on-slot of attacks on it. CERT-India, even as late as 13 Dec 2023, had issued an alert vide its Vulnerability note CIVN-2023-0361 of ‘Multiple Vulnerabilities in Google Chrome for Desktop’ and classifying the severity rate as “HIGH’. The present stable version for Windows Desktop is 120.0.6099.130 (Official Build) (64-bit). For the Mac and Linux users the latest version being 120.0.6099.129. Those users who use Android the lates updated version is Chrome 120 (120.0.6099.144) for Android. To verify the desktop version of chrome for its update: Open the chrome browser, and click of the ‘More’ (Three vertical dots) and navigate to the ‘Help’ and click on ‘About Google Chrome’. Please refer screenshot below:
The CVE in the year 2023 in respect of the Chrome Browser is tabulated below, those reported vulnerabilities have been provided with the updates and the present release post CVE-2023-7024, in which google has updated the chrome to Version 120.0.6099.130. (As on 24 Dec 2024)
|
Ser No |
Date Published (yyyy-mm-dd hh:mm:ss) |
CVE Number |
Description |
Chromium security severity |
|
1 |
2023-12-21 23:15:11 |
CVE-2023-7024 |
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
HIGH |
|
2 |
2023-04-14 19:15:09 |
CVE-2023-2033 |
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
HIGH |
|
3 |
2023-04-19 04:15:32 |
CVE-2023-2136 |
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
HIGH |
|
4 |
2023-11-13 20:15:29 |
CVE-2023-4762 |
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. |
– |
|
5 |
2023-06-05 22:15:12 |
CVE-2023-3079 |
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
HIGH |
|
6 |
2023-09-12 15:15:24 |
CVE-2023-4863 |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
CRITICAL |
|
7 |
2023-09-28 16:15:11 |
CVE-2023-5217 |
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
HIGH |
|
8 |
2023-11-29 12:15:07 |
CVE-2023-6345 |
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. |
|
What is a CVE?
CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. Here a number is assigned with the year of publishing appearing first (As in CVE-2023-7024). When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.
Founded in 1999, the CVE program is maintained by the MITRE (a company name) (funded by NIST (National Institute of Standards and Technology)) corporation and sponsored by the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).
Security advisories issued by vendors and researchers almost always mention at least one CVE ID. CVEs help IT professionals coordinate their efforts to prioritize and address these vulnerabilities to make computer systems more secure.
Conclusion
It is vital for any computer user to make the right choice while selecting a browser. It is also advised to hold on to one browser and make the same default in the computer. Further, the browser holds all key aspects of access to the ‘world wide web’ or the other enterprise portal services. The Privacy and Security component is governed by the browser settings. The ‘add-ons’ that is attached to the browser also provided additional features exclusive to the browser type and the session created. the SSL connectivity with any page is ensured by the browser. the browser also provides feature such as “Password Manager” and hence the security of the browser is also of significance. the browser also manages the cookies and also the most important DNS lookup utility. Most browsers also provide the feature of “Auto-fill”, this is obvious when we fill up addressees or account number or even other credentials including phone numbers, etc. All this and more are inherent to the browser that we use these on daily basis. Hence, it is pertinent to note that a secured browser, duly updated need to be used while a user is on the web. The web browser once updated, need to be always ‘relaunched’ (this entails closing the browser and opening it a fresh)