"Chrome 115 Patches 20 Vulnerabilities"

Google recently announced the release of Chrome 115 to the stable channel, with patches for 20 vulnerabilities, including 11 reported by external researchers. Google noted that four of the externally reported security defects are assessed with a "high severity" rating.

Based on the bug bounties paid for them, the most important of these are CVE-2023-3727 and CVE-2023-3728, two use-after-free issues in WebRTC. Google says it handed out a $7,000 reward for each of them. The third high-severity flaw that Chrome 115 resolves is another use-after-free bug, this time in Tab Groups. Tracked as CVE-2023-3730, the vulnerability was awarded a $2,000 bug bounty. The fourth high-severity issue, CVE-2023-3732, is described as an out-of-bounds memory access in Mojo. Google noted that the bug was discovered by Google Project Zero researcher Mark Brand and, per their policies, no bug bounty will be issued for it.

Google stated that Chrome 115 resolves six externally reported medium-severity vulnerabilities, which are described as inappropriate implementation flaws in the WebApp Installs, Picture In Picture, Web API Permission Prompts, Custom Tabs, Notifications, and Autofill components. This browser release also resolves a low-severity insufficient validation of untrusted input bug in Themes. Google says it has paid a total of $34,000 in bug bounty rewards to the reporting researchers. Google makes no mention of any of the newly resolved vulnerabilities being exploited in malicious attacks.

 

SecurityWeek reports: "Chrome 115 Patches 20 Vulnerabilities"

Submitted by Anonymous on