Tracked as CVE-2023-2721 and reported by Qihoo 360 researcher Guang Gong, the issue is described as a use-after-free flaw in Navigation.
A remote attacker could craft an HTML page to trigger a heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page.
Use-after-free vulnerabilities are memory corruption bugs that occur when the pointer is not cleared after memory allocation is freed, which could lead to arbitrary code execution, denial-of-service, or data corruption.
In Chrome, use-after-free issues can be exploited to escape the browser sandbox, which also requires for the attacker to target a vulnerability in the underlying system or in Chrome’s browser process.
The latest Chrome update addressed three other externally reported use-after-free flaws, all rated ‘high’ severity. The vulnerabilities impact the browser’s Autofill UI, DevTools, and Guest View components.
The new browser release also resolves a high-severity type confusion bug in the V8 JavaScript engine and a medium-severity inappropriate implementation issue in WebApp Installs.
Google says it paid $11,500 in bug bounties to the reporting researchers. However, the company has yet to determine the amounts to be paid for two of the vulnerabilities, including the critical-severity one, and the final amount could be higher.
The latest Chrome iteration is now rolling out as version 113.0.5672.126 for macOS and Linux, and as versions 113.0.5672.126/.127 for Windows.