Https://chromereleases.googleblog.comGCSA-3448290339639608283Stable Channel Update for ChromeOS / ChromeOS Flex
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.68 Medium
EPSS
Percentile
97.9%
The Stable channel is being updated to OS version: 15572.50.0 Browser version:117.0.5938.115 for most ChromeOS devices.
If you find new issues, please let us know one of the following ways
- File a bug
- Visit our ChromeOS communities
1. General: Chromebook Help Community
2. Beta Specific: ChromeOS Beta Help Community - Report an issue or send feedback on Chrome
Interested in switching channels? Find out how.
Security Fixes and Rewards
VRP Reported Security Fixes:
[$TBD] [1462551] High CVE-NA Fixes security bug in mwifiex firmware. Reported by Lovepink on 2023-06-06
[$20000][1404036] High CVE-NA Multiple Type Confusion Vulnerabilities in Qualcomm Snapdragon. Reported by lovepink! on 2023-05-24 Comment end
**
**
3rd Party Security Fixes:
[NA] [300015449] High Fixes CVE-2023-4622 in Linux Kernel
[NA] [300015805] High Fixes CVE-2023-4208 in Linux Kernel
[NA] [302181598] High Fixes CVE-2023-42753 in Linux Kernel
**
**
Chrome Browser Security Fixes:
[$10000][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
[$3000][1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29
[$2000][1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14
[$1000][1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09
[$6000][1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30
[$2000][1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06
[$TBD][1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09
**
**
Android Runtime Container Security Fixes:
No Android Runtime Container Security Fixes for this release
We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.
Matt Nelson,
Google ChromeOS
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.68 Medium
EPSS
Percentile
97.9%