The Stable channel is being updated to 118.0.5993.86 (Platform version: 15604.45.0) for most ChromeOS devices and will be rolled out over the next few days. This build contains a number of bug fixes and security updates.
If you find new issues, please let us know one of the following ways:
Interested in switching channels? Find out how.
Cole Brown,
Google ChromeOS
Security Fixes and Rewards
ChromeOS Vulnerabiltity Rewards Program Reported Bug Fixes:
[$5000] [1472943] High CVE-NA Use-after-free in Virglrenderer. Reported by rinngo on 2023-08-15
[$7000] [1473956] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-15
[$5000] [1472566] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-14
[$1000] [1473015] Medium CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-18
[$1000] [1474235] Medium CVE-NA Out-of-Bound Read in Virglrenderer. Reported by zx on 2023-08-20
[$500] [1475224] Low CVE-NA DoS in Virglrenderer. Reported by Bugreporterca on 2023-08-23
We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.
Chrome Browser Security Fixes:
[TBD][1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27
[$2000][1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
[$1000][1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
[$1000][1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
[$500][1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
[$6000][1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
[$2000][1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Shaheen Fazim on 2023-06-15
[$1000][1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
[$1000][1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18
Other 3rd Party Security Fixes Included:
[NA] [299481133] High Fixes CVE-2023-4921 in Linux Kernel
Android Runtime Container Security Fixes:
[NA] [NA] Medium Fixes CVE-2023-21143 on impacted platforms
[NA] [NA] Medium Fixes CVE-2020-29374 on impacted platforms
Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.
To see fixes included in the Long Term Stable channel, see the release notes.