Google stated this week that Chrome 96 is now available in the stable channel, including patches for 25 security issues, including 18 bugs discovered by external security experts.
Seven of the externally disclosed security issues are classified as “high severity.” The high-risk problems were identified by Google as use-after-free concerns in components such as media, storage foundation, and loader.
The three remaining vulnerabilities fixed by this browser update are a Type Confusion in V8 and two incorrect implementations in cache and service workers.
This week, Chrome patched ten medium severity bugs, including a Type Confusion in V8, a heap buffer overflow in fingerprint recognition, an out of bounds write in Swiftshader, incorrect implementations in input, navigation, and referrer, and insufficient policy enforcements in background fetch, iframe sandbox, CORS, and contacts picker.
Google also addressed an incorrect implementation in Web Authentication, which is rated as low severity. The search engine giant stated that it paid around $60,000 in bug bounty incentives to the external researchers who discovered the vulnerabilities. The latest Chrome version, 96.0.4664.45, is now available for Windows, Mac, and Linux users.