Google has released Chrome 118, which fixes 20 vulnerabilities, 14 of which were reported by external researchers. The most severe issue was a use-after-free bug in Site Isolation, a Chrome component for preventing one site from stealing another’s data. Google has not yet set a bug bounty reward for the critical vulnerability, but it has awarded $30,000 in total to the external researchers who found the other 14 issues. Use-after-free bugs in Site Isolation can typically be used to escape the sandbox, which could allow for arbitrary code execution.
Read more: https://www.securityweek.com/chrome-118-patches-20-vulnerabilities/