Advisory

Critical Vulnerability in Google Chrome Payments Security Patched

Take action: When you put the terms 'critical', 'vulnerability' and 'payment' together, it's time to close all tabs and update your Chrome and Chromium-based browsers (Brave, Opera, Edge, Vivaldi).



Another critical security update for the Chrome browser has been released, which addresses four vulnerabilities, one of which is a critical issue affecting the browser's 'autofill payments' feature, which automatically fills in payment details on online forms.

One of the vulnerabilities addressed in this update is identified as CVE-2023-3214. This new security issue is classified as critical and specifically affects the autofill payments function of Google Chrome. Google has not released details of the vulnerability, in order to slow down the development of an exploit.

CVE-2023-3214 is known to be a 'use-after-free' vulnerability. This means the program tries to access memory after it has been released, which can cause program crashes, unexpected behavior, or execution of malicious code.

In addition to CVE-2023-3214, this update addresses three other critical vulnerabilities:

  • CVE-2023-3215: A use-after-free vulnerability in the Chromium WebRTC, which is a real-time communication system for audio, video, and data.
  • CVE-2023-3216: A type confusion vulnerability in the V8 JavaScript engine.
  • CVE-2023-3217: Another use-after-free vulnerability, this time in the Chrome browser's WebXR, which is an application programming interface (API) for augmented reality and virtual reality.

The patched browser version numbers are 114.0.5735.133 for Mac and Linux, and 114.0.5735.133/134 for Windows.

Other browsers that use the Chromium engine, such as Brave, Edge, Opera, and Vivaldi, will also receive updates.
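A fleet check against the patched builds listed above, as an added example that is not part of the original advisory: it parses reported version strings and compares them numerically against 114.0.5735.133. The inventory rows and host names are constructed, and treating only Chrome and Chromium as sharing this version numbering is an assumption; other Chromium-based browsers are reported as unknown and need their vendor's advisory.

```python
import re

# Patched builds stated in the advisory (Windows shipped as .133/.134,
# so .133 is the floor on every platform).
PATCHED = {
    "mac": (114, 0, 5735, 133),
    "linux": (114, 0, 5735, 133),
    "windows": (114, 0, 5735, 133),
}
# Assumption: only these products share Chrome's version numbering.
# Brave, Edge, Opera and Vivaldi number their releases differently.
CHROME_NUMBERED = {"google chrome", "chromium"}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, product, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one install."""
    floor = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if product.lower() not in CHROME_NUMBERED or floor is None or version is None:
        return "unknown"
    # Tuple comparison is numeric, so build 90 sorts below build 133.
    return "patched" if version >= floor else "vulnerable"


def audit(inventory):
    """Map each host to its status."""
    return {host: classify(plat, prod, ver) for host, plat, prod, ver in inventory}


# Constructed sample inventory: host, platform, product, reported version string.
INVENTORY = [
    ("ws-01", "windows", "Google Chrome", "Google Chrome 114.0.5735.134"),
    ("ws-02", "windows", "Google Chrome", "Google Chrome 114.0.5735.90"),
    ("mac-07", "mac", "Google Chrome", "Google Chrome 114.0.5735.133"),
    ("lin-03", "linux", "Chromium", "Chromium 113.0.5672.126"),
    ("ws-09", "windows", "Microsoft Edge", "Microsoft Edge 114.0.1000.1"),
    ("lin-11", "linux", "Google Chrome", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be followed up by hand rather than counted as patched.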
