Chrome releases version 118, patches 20 flaws, one critical
Take action: This month's Chrome update is a low-drama one. Patch whenever you can; it takes less than a minute and restores your tabs after restart.
Google released Chrome 118 to its stable channel, addressing 20 vulnerabilities, 14 of them reported by third-party researchers. The newest version of Chrome, 118.0.5993.70, is now available for macOS and Linux users, while Windows users have versions 118.0.5993.70/.71 at their disposal.
Expect the same patches to be released for all Chromium-based browsers (Opera, Brave, Edge).
The most pressing of the externally reported vulnerabilities is CVE-2023-5218, a critical use-after-free defect in Site Isolation. This Chrome component is pivotal for preventing sites from accessing data from other sites without authorization. Site Isolation works by placing pages from different domains into individual processes, which run in isolated environments known as sandboxes.
Google has not disclosed specifics of CVE-2023-5218, but such vulnerabilities in Site Isolation typically let attackers evade the sandbox using a specially crafted HTML page, potentially leading to arbitrary code execution.
Chrome 118 also addresses eight medium-severity vulnerabilities submitted by third-party researchers. Six of these are incorrect implementations in areas such as Fullscreen, Navigation, DevTools, Intents, Downloads, and the Extensions API. The other two are a use-after-free issue in Blink History and a heap buffer overflow in PDF.
In addition, five externally reported low-severity vulnerabilities were fixed: four incorrect implementations and a use-after-free flaw.