Chrome & Brave Browser Updates

Topic

This is intended to alert users of updates using the STABLE desktop channel only. Check your respective browser update channels to update.

IMPORTANT
14/09/22 – Google Chrome 105.0.5195.127
Release Notes:
https://chromereleases.googleblog.com/

This update includes 11 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$NA][1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31
[$10000][1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30
[$TBD][1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30
[$7000.0][1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23
[$TBD][1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22
[$1000][1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22
[$TBD][1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09

IMPORTANT
14/09/22 – Brave 1.43.93
Release Notes:
https://brave.com/latest/

Release Notes v1.43.93 (Sep 14th, 2022)

Restored gesture requirement for async clipboard write access.
Fixed crash on brave://settings which occurred due to brave://flags/#brave-sync-v2 being disabled.
Fixed crash on the New Tab Page which occurred due to brave://flags/#brave-news being disabled.
Fixed crash when the “options” dictionary is null in a Brave Wallet “SignAndSendTransaction” request to a Solana provider.
Fixed the “Learn more” link for unverified creators on the Brave Rewards panel not working.
Fixed blank panel on brave://welcome page which displayed in certain cases.
Upgraded Chromium to 105.0.5195.127.

Keep IT Lean, Clean and Mean!

2 users thanked author for this post.

Alex5723, Cybertooth

Replies

Windows Desktop Browser Updates

27th Sept 2022
Google Chrome Stable Update to 106.0.5249.62
Release notes:: https://chromereleases.googleblog.com/

Brave update to 1.44.101
Release Notes: https://brave.com/latest/

Keep IT Lean, Clean and Mean!

2 users thanked author for this post.

Cybertooth, Alex5723

Windows Desktop Browser Updates

Sept 30th 2022
Brave Update available to 1.44.105
Release Notes:
https://brave.com/latest/

Chrome Update available to 106.0.5249.91
Release Notes:
https://chromereleases.googleblog.com/

[$7000][1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22

[$10000][1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21

Security issues fixed applicable to both Chrome and Brave versions.

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Windows Desktop Browser Updates

Wed 5th Oct 2022
Google Chrome Stable 106.0.5249.103 has been released.
More info:
https://chromereleases.googleblog.com/

Thurs 6th Oct 2022
Brave 1.44.108 also released.
https://brave.com/latest/
(awaiting release note update..try later)

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Oct 11th 2022

Google Chrome106.0.5249.119 stable released.

High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16

High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26

High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22

High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13

High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17

High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30

More info:
https://chromereleases.googleblog.com/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

12th Oct 2022
Brave v1.44.112 Desktop Update
Release notes: https://brave.com/latest/

Updated Sardine purchase link to be set to selected network when opened from Buy screen on Brave Wallet. (#25839)

Removed deprecated Ethereum Testnet’s (Ropsten/Rinkeby/Kovan) and added support for Sepolia Testnet for Brave Wallet. (#25654)

Fixed issue with SignTransaction during NFT purchase on MagicEden when using Brave Wallet. (#25802)

Fixed crash when opening the New Tab Page in certain cases on Linux. (#25849)

Upgraded Chromium to 106.0.5249.119. (#25926) (Changelog for 106.0.5249.119)

This update covers the same CVE’s as Chrome 106.0.5249.119 released yesterday.

Keep IT Lean, Clean and Mean!

Brave 1.45.113 released Oct 25th 2022

With further fixes, additions and updates included..
Ref Release Notes:
https://brave.com/latest/

Security related:

….[Security] Added additional password protection for Brave Wallet account removal. (#24711)
[Security] Added additional password protection for Brave Wallet backup seed. (#24534)
[Security] Added additional password protection for Brave Wallet show private key. (#24830)
[Security] Enhanced protection against Brave Wallet pollution attacks. (#24415)
[Security] Updated the Brave Wallet network selector to show the full network name. (#25114)
[Security] Updated Brave Wallet to show the full network name in tooltip for Buy/Send/Swap widget and panel. (#25107)
[Security] Updated the Brave Wallet transaction confirmation panel to show the full network name. (#25105)
[Security] Fixed misleading signing request message in Brave Wallet. (#24816)…..

Keep IT Lean, Clean and Mean!

October 25th 2022

Chrome/107.0.5304.62 Stable Released

Security:

High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30

High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19

High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19

Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11

Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18

Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09

Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14

Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23

Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20

Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04

More info: https://chromereleases.googleblog.com/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Chrome 107.0.5304.87/ 88 Stable Desktop released
27th October 2022

Security Fix:

High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast on 2022-10-25

ref: https://chromereleases.googleblog.com/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Brave Browser Desktop Update

v1.45.116 Oct 28th, 2022

Release Notes:

Fixed tab hover preview not being shown correctly when “Card with preview” is selected for the “Tab hover mode” setting under brave://settings/appearance. (#26251)
Upgraded Chromium to 107.0.5304.91….

Ref: https://brave.com/latest/

Keep IT Lean, Clean and Mean!

Brave 1.45.118 Released
2nd November 2022
https://brave.com/latest/

Release Notes v1.45.118 (Nov 2nd, 2022)

[Security] Fixed download crash which occurred in certain cases as reported on HackerOne by rebane2001. (#26384)

Fixed crash caused by Crypto.com widget on the New Tab Page. (#26412)

Fixed shields not blocking WebSocket connections when adding custom filter under brave://settings/shields/filters. (#26285)

Keep IT Lean, Clean and Mean!

8th November 2022
Chrome Update to 107.0.5304.107
https://chromereleases.googleblog.com/

High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24

High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10

High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08

High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16

High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01

High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Brave 1.45.123 Released
9th November 2022
Release Notes: https://brave.com/latest/

Upgraded Chromium to 107.0.5304.110. (Changelog for 107.0.5304.110)

Keep IT Lean, Clean and Mean!

Brave v1.45.127 Released
15th November 2022
https://brave.com/latest/

Release Notes v1.45.127 (Nov 15th, 2022)
Added Solana NFT support in Brave Wallet.

Updated default search engine to Brave Search for new installations in certain regions.

Removed FTX widget from the New Tab Page and widget gallery.

Fixed issue where Brave Rewards appears disabled in certain cases.

Internal bug fixes to the browser then…

Keep IT Lean, Clean and Mean!

Brave 1.45.131 Released
22nd November 2022
https://brave.com/latest/

Added header for search.brave.com so Brave Search is aware when Brave Ads are enabled. (#25430)

Fixed issue where farbling protections for screen resolution and coordinates were incorrectly being applied to extension pages. (#26715)

Keep IT Lean, Clean and Mean!

Chrome Update for another Zero-day!
24th November 2022

Chrome 107.0.5304.121/.122 for Windows and Chrome 107.0.5304.121 for mac/ Linux

https://chromereleases.googleblog.com/

High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2022-11-22

Patch ASAP!

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Brave 1.45.133 Released
25th November 2022
Ref: https://brave.com/latest/

Upgraded Chromium to 107.0.5304.141. (#26965) (Changelog for 107.0.5304.141)

Addresses exploited Zero-day, update ASAP!

Keep IT Lean, Clean and Mean!

Chrome 108.0.5359.71/ 72 Released
29th November 2022
https://chromereleases.googleblog.com/

This update includes 28 security fixes…/

High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27

High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04

High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08

High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28

High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18

High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24

High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26

High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09

Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28

Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22

Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01

Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10

Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21

Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04

Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30

Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15

Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27

Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12

Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14

Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19

Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03

Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06…

Brave 1.46.133 Released
1st December 2022
Ref: https://brave.com/latest/

Due to a much larger changelog, this has been reduced for security and fixes for a quick guide

….Security: Disabled block element picker in Private Windows as reported on HackerOne by xiaoyinl.

Enabled ENS L2 resolution for Brave Wallet.

Enabled HTTPS-Only mode for Private Windows with Tor.

Fixed broken “Add” button when adding a custom asset to Brave Wallet.

Fixed incorrect rendering of ERC20 “Approve” amount on Brave Wallet panel.

Fixed NFT images not loading in the Brave Wallet panel.

Fixed cursor position when editing Brave Wallet restore words.

Fixed the fiat currency selector not working on the “Fund” screen of Brave Wallet.

Fixed incorrect base currency being displayed on the Brave Wallet Market tab.

Fixed address validation not being called after switching Brave Wallet accounts.

Fixed broken “first” link for “Sign Transaction” in Brave Wallet panel.

Fixed incorrect placeholder text for password input field in Brave Wallet.

Fixed x-ipfs-path handling for redirecting URLs without a DNS record.

Fixed crash on https://d3ward.github.io/toolz/adblock when “RU Adlist” is enabled under brave://settings/shields/filters.

Fixed HTTPSE redirects taking precedence over adblock redirects.

Fixed incorrect button color on toolbar when certain themes are applied.

Fixed drag and drop indicator not disappearing from sidebar after drag and drop is complete.

Upgraded Chromium to 108.0.5359.71…

more listed additions/ removals and updates available on brave website.

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

IMPORTANT! Update ASAP

Chrome 108.0.5359.94/95 Released
2nd December 2022
https://chromereleases.googleblog.com/

High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2022-11-29…

Brave 1.46.134 Released
3rd December, 2022
https://brave.com/latest/

Upgraded to Chromium 108.0.5359.94
(Changelog for 108.0.5359.94)

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Chrome 108.0.5359.98/ 99 Released
7th December 2022
https://chromereleases.googleblog.com/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Brave/1.46.138 released
7th December 2022
https://brave.com/latest/

Fixed performance issue where fingerprint farbling caused some sites to load slowly or not at all. (#26700)

Keep IT Lean, Clean and Mean!

Chrome/108.0.5359.124/ 125 update released
Tuesday13th December 2022
https://chromereleases.googleblog.com/

8 Security Fixes:

High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15

High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30

High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07

High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22

Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09

Brave v1.46.144 released
Wednesday 14th December 2022
https://brave.com/latest/

Release Notes:

Updated Brave Wallet to sign Solana transactions with selected account instead of fee payer. (#27051)

Updated Brave Wallet to not use first available pubkey as the “To” address for Solana unknown instructions. (#27187)

Updated the “Learn more” link on the Windows 7 and 8.1 deprecation infobar. (#27176)

Disabled Manifest V2 deprecation warning message. (#26207)

Fixed crash when re-opening Brave News from the “Customize Dashboard” modal after following a source. (#26876)

Fixed issue where some websites failed to load when brave://flags#brave-block-screen-fingerprinting is enabled. (#27021)

Upgraded Chromium to 108.0.5359.128. (#27351) (Changelog for 108.0.5359.128)

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Brave 1.46.153 Released
Friday 6th Jan 2023
https://brave.com/latest/

AND they are a year out!

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Chrome109.0.5414.74/75 update released
Tuesday10th January 2023
https://chromereleases.googleblog.com/

Security Fixes

[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16

[1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07

[1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30

[1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28

[1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05

[1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17

[1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17

[1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18

[1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26

[1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10

[1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23

[1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24

[1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18

[1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Cybertooth

Brave 1.47.171 Released
January 12th 2023
https://brave.com/latest/
See official site for extensive release notes…

Brave Security Fixes:

….[Security] Fixed Brave Wallet showing wrong network when signing DApp messages or transactions. (#26476)

[Security] Added mixed content check for “.onion” URLs as reported on HackerOne by xiaoyinl. (#25939)

[Security] Improved browser privacy by reducing high resolution timer precision as reported on HackerOne by joe12387. (#24681)

[Security] Fixed Brave Today opening non-HTTP or non-HTTPS URLs as reported on HackerOne by nishimunea. (#27602)…..

….Upgraded Chromium to 109.0.5414.87. (#27710)…

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Chrome 109.0.5414.119/ 120 released
24th January 2023
https://chromereleases.googleblog.com/

Security Fix Summary:

High CVE-2023-0471: Use after free in WebTransport.

High CVE-2023-0472: Use after free in WebRTC.

Medium CVE-2023-0473: Type Confusion in ServiceWorker API.

Medium CVE-2023-0474: Use after free in GuestView.

Brave1.47.186 Released
25th January 2023
https://brave.com/latest/

Release Note Summary:

Added the ability to dismiss the end of support message on both Windows 7 and 8.1

Fixed crash when viewing sync QR code in certain cases

Fixed crash in “DomainBlockNavigationThrottle”

Fixed some “$removeparam” filter rules not being applied to document requests

Upgraded Chromium to 109.0.5414.119…

Keep IT Lean, Clean and Mean!

7th February 2023

Google Chrome Update 110.0.5481.77/.78
Release Notes:
https://chromereleases.googleblog.com/

Brave Update 1.48.158
Release Notes:
https://brave.com/latest/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Wed 15th February 2023
Brave1.48.164
https://brave.com/latest/

Thu 16th February 2023
Google Chrome 110.0.5481.104
https://chromereleases.googleblog.com/

Both updated to Chromium 110.0.5481.100

Brave (Windows Only) v1.48.167
16th February, 2023
https://brave.com/latest/

Keep IT Lean, Clean and Mean!

Wednesday 22nd February 2023
Chrome Update 110.0.5481.177/ 178
https://chromereleases.googleblog.com/

Security Fixes:
Critical CVE-2023-0941: Use after free in Prompts.
High CVE-2023-0927: Use after free in Web Payments API.
High CVE-2023-0928: Use after free in SwiftShader.
High CVE-2023-0929: Use after free in Vulkan
High CVE-2023-0930: Heap buffer overflow in Video
High CVE-2023-0931: Use after free in Video
High CVE-2023-0932: Use after free in WebRTC
Medium CVE-2023-0933: Integer overflow in PDF

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

Thursday 24th February 2023
Brave v1.48.171 released
https://brave.com/latest/

[Security] Perform download safety check even when user is prompted for save location as reported on HackerOne by ameenbasha. (#28079)……/
/…Upgraded Chromium to 110.0.5481.177. (#28690) (Changelog for 110.0.5481.177)

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

7th March 2023
Chrome 111.0.5563.64/65 Released

Various scope of CVE security updates listed within:
https://chromereleases.googleblog.com/

HIGH:
CVE-2023-1213: Use after free in Swiftshader.
CVE-2023-1214: Type Confusion in V8
CVE-2023-1215: Type Confusion in CSS.
CVE-2023-1216: Use after free in DevTools
CVE-2023-1217: Stack buffer overflow in Crash reporting.
CVE-2023-1218: Use after free in WebRTC.
CVE-2023-1219: Heap buffer overflow in Metrics
CVE-2023-1220: Heap buffer overflow in UMA

MEDIUM:
CVE-2023-1221: Insufficient policy enforcement in Extensions API.
CVE-2023-1222: Heap buffer overflow in Web Audio API
CVE-2023-1223: Insufficient policy enforcement in Autofill
CVE-2023-1224: Insufficient policy enforcement in Web Payments API
CVE-2023-1225: Insufficient policy enforcement in Navigation
CVE-2023-1226: Insufficient policy enforcement in Web Payments API
CVE-2023-1227: Use after free in Core.
CVE-2023-1228: Insufficient policy enforcement in Intents
CVE-2023-1229: Inappropriate implementation in Permission prompts
CVE-2023-1230: Inappropriate implementation in WebApp Installs
CVE-2023-1231: Inappropriate implementation in Autofill

LOW:
CVE-2023-1232: Insufficient policy enforcement in Resource Timing
CVE-2023-1233: Insufficient policy enforcement in Resource Timing
CVE-2023-1234: Inappropriate implementation in Intents
CVE-2023-1235: Type Confusion in DevTools
CVE-2023-1236: Inappropriate implementation in Internals.

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

9th March 2023
Brave 1.49.120 released
Security, Web3, Brave Rewards and General Updates
now based on Chromium 111.0.5563.64
https://brave.com/latest/

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723

21st March 2023
Chrome 111.0.5563.110/ 111 Released
https://chromereleases.googleblog.com/
Abbreviated scope of CVE security updates listed within:

HIGH:
CVE-2023-1528: Use after free in Passwords.
CVE-2023-1529: Out of bounds memory access in WebHID.
CVE-2023-1530: Use after free in PDF.
CVE-2023-1531: Use after free in ANGLE.
CVE-2023-1532: Out of bounds read in GPU Video
CVE-2023-1533: Use after free in WebProtect.
CVE-2023-1534: Out of bounds read in ANGLE.

22nd March 2023
Brave 1.49.128 Released
https://brave.com/latest/
Various fixes and additions whilst upgraded Chromium to 111.0.5563.110

Keep IT Lean, Clean and Mean!

1 user thanked author for this post.

Alex5723