Source: https://chromereleases.googleblog.com
ID: GCSA-5372636413617080169
Published: Nov 14, 2023 - 12:00 a.m.

Stable Channel Update for ChromeOS/ChromeOS Flex


CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4 (Confidence: High)
EPSS: 0.002 (Percentile: 61.0%)

ChromeOS M119 Stable

The Stable channel is being updated to OS version 15633.44.0 and Browser version 119.0.6045.158 for most ChromeOS devices.

If you find new issues, please let us know in one of the following ways:

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.


Security Fixes and Rewards


ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

[$TBD] [1477932] Medium CVE-2023-21216 Use-after-free in PowerVR GPU Driver. Reported by lovepink on 2023-09-07

We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.

Chrome Browser Security Fixes:
[N/A] [1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30

Other 3rd Party Security Fixes Included:
[NA] High Fixes CVE-2023-35685 on impacted platforms
[NA] Medium Fixes CVE-2023-4244 in Linux Kernel
[NA] Medium Fixes CVE-2023-5197 in Linux Kernel

Android Runtime Container Security Fixes:
[NA] Critical Fixes CVE-2023-40113 on impacted platforms
[NA] High Fixes CVE-2023-40109 on impacted platforms
[NA] High Fixes CVE-2023-40114 on impacted platforms
[NA] High Fixes CVE-2023-40110 on impacted platforms
[NA] High Fixes CVE-2023-40112 on impacted platforms
[NA] Medium Fixes CVE-2023-40118 on impacted platforms

Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.

To see fixes included in the Long Term Stable channel, see the release notes.

Daniel Gagnon,
Google ChromeOS
