Google this week released Chrome 111 to the stable channel, patching 40 vulnerabilities, 24 of which were reported by external researchers. Of these, 8 were high-severity flaws, 11 were medium-severity bugs, and 5 were low-severity issues.
The high-severity vulnerabilities include three use-after-free issues in Swiftshader, DevTools, and WebRTC, for which Google rewarded researchers with bounties of $15,000, $4,000, and $3,000, respectively. Other high-severity security defects include two type confusion bugs in V8 and CSS, a stack buffer overflow issue in Crash reporting, and two heap buffer overflow bugs in Metrics and UMA, for which Google has yet to determine bounty amounts.
Medium-severity flaws patched in Chrome 111 include six insufficient policy enforcement issues impacting browser components, a heap buffer overflow bug in the Web Audio API, and a use-after-free vulnerability in Core. Low-severity issues patched in this release include two insufficient policy enforcement bugs in Resource Timing, an inappropriate implementation flaw in intents, a type confusion bug in DevTools, and an inappropriate implementation vulnerability in Internals.
Google says it paid more than $90,000 in bug bounty rewards to external researchers, but the total amount could be much higher as the company has yet to determine the bounty amounts for several reports. Chrome 111 is currently rolling out as versions 111.0.5563.64/.65 for Windows and version 111.0.5563.64 for Linux and macOS.
In conclusion, Chrome 111 patches 40 vulnerabilities, including 8 high-severity issues, 11 medium-severity bugs, and 5 low-severity flaws. Google has paid out more than $90,000 in bug bounty rewards, but the total amount could be higher as the company has yet to determine the rewards for several reports. This browser update is currently rolling out as versions 111.0.5563.64/.65 for Windows and version 111.0.5563.64 for Linux and macOS.
Key Points:
• Google announced the release of Chrome 111 to the stable channel with patches for 40 vulnerabilities.
• 24 of the addressed security defects were reported by external researchers.
• 8 high-severity vulnerabilities were reported, including three use-after-free issues.
• 11 medium-severity flaws were patched, including a heap buffer overflow bug in the Web Audio API.
• 5 low-severity issues were addressed, including two insufficient policy enforcement bugs in Resource Timing.
• Google has paid out more than $90,000 in bug bounty rewards to external researchers.
• Chrome 111 is currently rolling out as versions 111.0.5563.64/.65 for Windows and version 111.0.5563.64 for Linux and macOS.