Chrome 118 Patches 20 Vulnerabilities


Google released the stable channel release of Chrome 118 on Tuesday, which includes patches for 20 vulnerabilities, 14 of which were disclosed by external researchers.The most serious of the externally reported weaknesses is CVE-2023-5218, a significant defect defined as a use-after-free issue in Site Isolation, Chrome’s component responsible for stopping sites from stealing data from other sites.

Site Isolation, which is implemented in Chrome as an extra security feature on top of the code that enforces the Same Origin Policy, organizes pages from different domains in distinct processes that run in their own sandboxes. While Google does not give details on CVE-2023-5218, use-after-free issues in Site Isolation can often allow attackers to achieve a sandbox escape via a forged HTML page.

Read More…