Google published a point update for Chrome 116 today that addresses five security issues in the desktop versions and the Android version of the web browser. The update is available already, but it may take several days or even weeks before most devices that Chrome is installed on are updated.
Chrome users who run the browser on the desktop systems Windows, Linux or macOS may run a manual check for updates to install the security update immediately. This is done by either selecting Help > Menu > About Google Chrome, or by loading chrome://settings/help directly. The page that opens displays the installed version and Chrome runs a check for updates whenever the page is opened. It should find the Chrome 116 point update and install it. A restart is required to complete the process.
Chrome users who open the About Chrome Page after installation of the latest update should see the following version listed on the page:
- Chrome for macOS and Linux: 116.0.5845.110
- Chrome for Windows: 116.0.5845.110 or 116.0.5845.111
- Chrome for Android: 116.0.5845.114
Chrome 116 security update
Google lists five fixed security issues on the Chrome Releases blog. Four of the vulnerabilities have a severity rating of high, one a severity rating of medium. The fixes address two use after free vulnerabilities in Vulkan and Loader, and three out of bounds memory access vulnerabilities in CSS, V8 and Fonts.
Google does not mention exploits in the wild, but this could change in the coming days. Other Chromium-based web browsers are also affected by the security issue and should receive updates in the coming days or weeks to address these.
- [$10000][1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
- [$3000][1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
- [$2000][1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
- [$NA][1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
- [$NA][1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01
Chrome for Android is affected by the same vulnerabilities as the desktop versions. Android users can’t force the installation of the update, as this is handled via Google Play exclusively on Android.
Google released the main Chrome 116 update last week. The release addressed a total of 26 different security issues and also added more Telemetry to the browser. The company announced plans to switch to a weekly security update schedule to push security updates quickly to devices.