On Tuesday, October 24th, 2023, Google announced its new stable channel update for desktop users (Mac, Windows, and Linux). Google revealed that the new stable release for Mac and Linux is version v118.0.5993.117, and the update for Windows desktop users is version v118.0.5993.118.
The extended stable channel for both Mac and Windows is set to roll out in the upcoming days or weeks. Google also released a list of the changes made in this build, which is available in the log.
In terms of bug fixes, the security update addressed two bugs and was assigned the record CVE-2023-5472. Google disclosed that external researchers discovered this vulnerability, but Google has not yet granted access to the bug information (bug #1491296) in order to protect its users from potential exploitation.
In a Note, Daniel Yip of Google Chrome stated that:
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”
BUG DISCOVERY AND BOUNTY:
Regarding the bug discovery and bounty, the bug was found on October 10, 2023, and reported by @18楼梦想改造家.
Google rewarded the researcher with a bounty of USD $3,000. Google also outlined its internal security process, which is responsible for a wide range of fixes, including internal audits, fuzzing, and other initiatives.
Additionally, Google also provided a list outlining Theora support and announced the removal of video code from the Chrome browser in a forthcoming update. Google explained that the reason for this action is the increasing prevalence of zero-day attacks against media codecs. You can find more information about the discontinuation of Theora support here.
We at fixitgearware strongly advise users to promptly update their Chrome browser, as recommended by the Google team.
Please do let us know in the comment section what are your thoughts about this.