January 25, 2023

Google Patches Chrome Vulnerabilities, 2 Critical RCEs

Google has released Chrome version 109.0.5414.119/120 for Mac and Linux and Windows, patching 2 RCE vulnerabilities.
Successful exploitation might lead to remote code execution (RCE).

The RCE Vulnerabilities

• CVE-2023-0471, High-Severity – Use after free vulnerability in WebTransport.
• CVE-2023-0472, High-Severity – Use after free vulnerability in WebRTC.

These vulnerabilities can be exploited remotely, which could have devastating effects ranging from corruption of valid data to the execution of malicious code on a compromised machine.

Affected Products

These vulnerabilities affect all Chrome and Chromium based browsers.

Mitigation

CYREBRO recommends to updating browsers to the latest Chrome version, 109.0.5414.119/120 for Windows, Mac and Linux.

For the full patched vulnerabilities list, visit Chrome Releases.

References: Chrome Releases.