This week, Google revealed that the first stable version of Chrome 110 includes 15 security updates, including 10 that fix flaws discovered by outside researchers.
Three of the externally reported bugs have been given a “high severity” rating. There is a type of confusion bug in the V8 engine, a full-screen implementation problem, and a WebRTC out-of-bounds read vulnerability, among others. The first security flaw, identified as CVE-2023-0696, is described as a heap corruption that can be remotely exploited using a specially constructed HTML page.
Google awarded the reporting researcher with a bug bounty of USD 7,000. The second critical flaw, CVE-2023-0697, affects Chrome for Android and could enable a remote attacker to spoof the security UI’s contents using a specially crafted HTML page.
Read More: Chrome 110 Patches 15 Vulnerabilities