Google has released Chrome 114 with 18 security fixes, including 13 vulnerabilities reported by external researchers. Among these, eight are rated as ‘high’ severity, with the most significant being an out-of-bounds write issue in Swiftshader (CVE-2023-2929), which earned a $15,000 bug bounty for the researcher. Other high-severity flaws include a use-after-free bug in Extensions (CVE-2023-2930) and vulnerabilities in the PDF component. Google did not issue bug bounty rewards for three high-severity issues reported by its own Project Zero researchers. The update also addresses medium and low-severity defects, and Google awarded over $65,000 in bug bounty rewards. No evidence of these flaws being exploited in malicious attacks has been found.
Read more: https://www.securityweek.com/chrome-114-released-with-18-security-fixes/