Google has released a new Chrome 114 update, which patches four vulnerabilities, including three high-severity bugs reported by external researchers. The internet giant paid out a total of $35,000 in bug bounty rewards to the reporting researchers. Man Yue Mo, a researcher at GitHub Security Lab, discovered a type confusion issue in Chrome's V8 JavaScript rendering engine, earning a $20,000 bounty. Next in line was CVE-2023-3421, a use-after-free vulnerability in Media, which Cisco Talos researcher Piotr Bania earned a $10,000 bounty for finding this security defect. These use-after-free vulnerabilities, which are memory corruption issues that Google has been battling in both Chrome and Android, may lead to arbitrary code execution, data corruption, or denial of service.

The third externally reported bug is CVE-2023-3422, a use-after-free flaw in Guest View, which Google paid a $5,000 reward to security researcher 'asnine'. Google does not mention any of these vulnerabilities being exploited in attacks. The latest Chrome iteration is now rolling out as version 114.0.5735.198 for macOS and Linux and as versions 114.0.5735.198/199 for Windows. Cisco Talos released technical details on CVE-2023-1531, a use-after-free vulnerability in the ANGLE library (open source, cross-platform graphics engine in Chrome), which was addressed in March with the release of Chrome 111.0.5563.110.

admin