Jump to content

Google Chrome 123.0.6312.59 Dual x86x64 Silent


Recommended Posts

 

A graphic showing Google Chrome's logo
 

Google released a new stable version of its Chrome web browser for desktop operating systems and Android today. This new version of Chrome, Google Chrome 123.0,  is a feature and security update.

To get the security part out of the way: Google patched 12 security issues in Chrome Stable. The company lists seven of the twelve security issues on the Chrome Releases website. The highest severity is high and Google makes no mention of exploits in the wild.

The new Chrome 123.0 release is available already. It should be pushed to most non-managed systems and installations of Chrome automatically. Desktop users may speed up the installation by loading chrome://settings/help or by selecting Menu > Help > About Google Chrome.

Google Chrome 123.0

The browser checks for updates when the page is opened. Any new update is downloaded and installed automatically at that point. A restart of the browser is required to complete the upgrade.

 

Android users need to wait until Google unlocks the update for their devices. There is no way to speed up the installation of the update.

Chrome 123.0: new features and changes

Google Chrome 123 ships with a number of important changes. One of the main changes affects Windows users only. Google is changing the name and file path of the Google Update executable for Windows.

Previously named GoogleUpdate.exe and found under C:\Program Files (x86)\Google\Update\GoogleUpdate.exe, it is now named updater.exe and found under C:\Program Files (x86)\Google\GoogleUpdater\VERSION\updater.exe. In other words, the location is dynamic now. This may make it difficult for users to block the updater from running automatically, for instance by changing its rights.

This change is rolling out over time. If you don't see the new directory and name yet, you have to wait until it rolls out to the system you manage.

Generative AI features

 

Chrome Tab Organizer

Google introduced generative AI features such as Tab Organizer or Create Themes in Chrome 122. These features were limited to adult users from the United States only at the time and needed to be enabled manually. While the features are still limited to adult Chrome users in the United States, some users have these features enabled by default in Chrome 123.

I reviewed Tab Organizer back when it launched. It analyzes all open tabs and suggests groups for matching tabs automatically. Tab Groups are an excellent feature of many browsers. Since Tab Organizer is an AI feature, its processing happens remotely. In other words, Chrome submits information about all open tabs to Google servers. If you do not want that, avoid the feature and group the tabs manually instead.

Smaller changes in Chrome 123

Here is a list of smaller changes that you find in the release. As always, some of these may roll out gradually to all users.

  • Resume Tabs -- The new tab page features a new card to open tabs from other devices. This works only if Chrome Sync is enabled. Chrome on iOS gets another resume option. It displays a quick shortcut pointing to the URL of the last open tab on any device "within the last 24 hours".
  • Chrome Sync -- does not support Chrome 81 or earlier versions of the browser anymore. Solution is to upgrade Chrome to a newer version.
  • Enhanced password re-use detection -- Chrome detected password re-use of corporate credentials when using a corporate profile in the past. This is extended to non-corporate profiles in Chrome 123.
  • Safe Browsing Telemetry -- With Enhanced Protection turned on, Chrome may sent additional telemetry to Google. This happens on pages on which a user accepts notification permissions.
  • Private network access warnings -- Google Chrome's private network access checks are designed to protect the private network from malicious requests. The feature runs in warning mode and warnings are shown in the browser's Developer Tools. Google will switch to protected mode in Chrome 130 at the earliest.

Chrome developers may want to check out the Chrome Status website. It lists development related changes in the new browser version.

Edited by 大†Shinegumi†大
Link to comment
Share on other sites

The Stable channel has been updated to 110.0.5481.104 for Windows only, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

 

The Extended Stable channel has been updated to 110.0.5481.104 for Windows only which will roll out over the coming days/weeks.

Link to comment
Share on other sites

111.0.5563.110/.111 for Windowswhich will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

 

This update includes 8 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

 

[$10000][1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07

[$8000][1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27

[$7000][1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27

[$TBD][1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13

[$NA][1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03

[$TBD][1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07

[$NA][1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08

 

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Link to comment
Share on other sites

The Stable and extended stable channel has been updated to 112.0.5615.121 for Windows Mac and Linux  which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

 


M112 Stable Update for Desktop - v112.0.5615.121

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$NA][1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Google is aware that an exploit for CVE-2023-2033 exists in the wild.


As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1433131] Various fixes from internal audits, fuzzing and other initiatives

Link to comment
Share on other sites

The Stable channel is being updated to 112.0.5615.134 (Platform version: 15359.58.0) for most ChromeOS devices and will be rolled out over the next few days.

For Chrome browser fixes, see the Chrome Desktop release announcement.

If you find new issues, please let us know one of the following ways:

Interested in switching channels? Find out how.

 

Google ChromeOS
Link to comment
Share on other sites

The Stable and extended stable channel has been updated to 113.0.5672.92/.93 Windows and 113.0.5672.92 for Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Link to comment
Share on other sites

The Stable channel has been updated to 113.0.5672.126 for Mac and Linux and 113.0.5672.126/.127 for Windowswhich will roll out over the coming days/weeks.A full list of changes in this build is available in the log.

 

 Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

 

This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

 

[$TBD][1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10

[$7000][1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14

[$3000][1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21

[$NA][1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14

[$TBD][1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04

[$1500][1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03

Link to comment
Share on other sites

The Stable and extended stable channels has been updated to 114.0.5735.133 for Mac and Linux and 114.0.5735.133/134 for Windowswhich will roll out over the coming days/weeks. A full list of changes in this build is available in the log.



Security Fixes and Rewards
 

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

 

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

 

[$TBD][1450568] Critical CVE-2023-3214: Use after free in Autofill payments.Reported by Rong Jian of VRI on 2023-06-01

[$3000][1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17

[$TBD][1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 on 2023-05-31

[$NA][1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01

 

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [1454307] Various fixes from internal audits, fuzzing and other initiatives

 

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer,UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Link to comment
Share on other sites

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Android releases contain the same security fixes as their corresponding Desktop release (Windows: 114.0.5735.198/.199, Mac & Linux: 114.0.5735.198), unless otherwise noted.

Link to comment
Share on other sites

The Stable channel has been updated to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
 

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...