Google Chrome 118 is a massive security update

Created on November 12, 2023 at 10:36 am

Google Chrome 118 ORG is now available. The new version of Google ORG ‘s web browser addresses 20 CARDINAL security issues in the browser, one CARDINAL of which is rated critical, and also introduces new features and changes.


Chrome ORG users may check the installed version by loading chrome://settings/help in the browser’s address bar. Selecting Menu > Help > About Google Chrome ORG opens the same page. Chrome lists its version on the page and it runs a check for updates. The new update should be picked up at that point and installed. A restart of the browser is required to complete the process.

The following versions are the latest at the time of writing:

Chrome for Mac and Linux: 118.0.5993.70

Chrome PERSON for Windows: 118.0.5993.70 and 118.0.5993.71 CARDINAL

Chrome Extended for Mac ORG : 118.0.5993.70

Chrome Extended PERSON for Windows: 118.0.5993.71 CARDINAL

Chrome PERSON for Android ORG : 118.0.5993.65 CARDINAL

Google Chrome PRODUCT


Google ORG informs users on the official Chrome Releases PERSON blog that it has patched 20 CARDINAL unique security issues in the Chrome ORG web browser. 14 CARDINAL of those are listed on the page, the remaining six CARDINAL were discovered internally.

The main issue is CVE-2023-5218 ORG . It is a critical security issue, an use after free in Site Isolation. The remaining publicly disclosed vulnerabilities have a severity rating of medium or low. They address additional use after free and heap buffer overflow issues, as well as "inappropriate implementations".

Chrome 118 is the first ORDINAL stable version of Google ORG ‘s web browser with Encrypted Client Hello PERSON support. Google ORG introduced support in Chrome Canary ORG back in 2022 DATE and has been working on the feature since.

Without going into too many details, Encrypted Client Hello PERSON protects the domain name from being leaked to network operators when users open sites and services in the browser. It improves privacy as a consequence, as network operators such as the ISP, do not know anymore which sites a user accesses. One CARDINAL effect of this is that DNS ORG -based blocking is no longer working, provided that the site and server in question support the new technology.

Mozilla ORG introduced support for Encrypted Client Hello ORG in Firefox 118 LAW and most Chromium ORG -based browsers will support the feature soon.

Another security feature gives Google ORG the ability to disable extensions remotely that were not installed from the Chrome Web Store ORG . Enhanced Safe Browsing ORG needs to be enabled in Chrome ORG for this to work and Google ORG claims that it will use the feature only to disable malicious extensions. The disabling may happen manually or through automated detection systems according to Google ORG .

Another Enhanced Safe Browsing ORG change improves the deep scanning functionality. Chrome 118 CARDINAL users may now be prompted to provide the password for an archive file to allow Safe Browsing ORG to analyze it.

Chrome PERSON is now also collecting "telemetry information about chrome.tabs API calls made by extensions" if Enhanced Safe Browsing ORG is enabled. The information is analyzed on Google ORG servers to improve the "detection of malicious and policy violating extensions".

Google ORG switched Safe Browsing ORG to real-time checks recently.

Chrome ORG users should update the browser immediately to protect it from attacks that target the patched vulnerabilities. Google ORG plans to release all future Chrome ORG releases a week early DATE , starting with Chrome 119 PRODUCT .

Summary Article Name Google Chrome 118 is a massive security update Description Google Chrome ORG

118 CARDINAL is now available. The new version of Google ORG ‘s web browser addresses 20 CARDINAL security issues and makes other changes. Author Martin Brinkmann PERSON Publisher Ghacks Technology News Logo


Connecting to Connected... Page load complete