Google Chrome users should rush to update their systems with the latest browser release because the tech giant patched numerous security vulnerabilities. Alongside other flaws, Google also patched a Chrome zero-day, confirming active exploitation of the flaw.
Latest Google Chrome Release Patched a Zero-Day and Other Flaws
According to a recent Chrome release blog, Google has addressed 38 different security vulnerabilities in its Chrome browser, including a zero-day. This large number of security fixes is quite unusual for Google Chrome, making this update essential for all users.
Specifically, 20 of the 38 vulnerabilities were reported by external security researchers, with the rest being reported by Google's team. These include 7 high-severity vulnerabilities, 9 medium-severity issues, and 4 low-severity security flaws.
While the tech giant, maintaining its usual practice, didn't share details about the flaws, the advisory briefly described the type of vulnerabilities and acknowledged the researchers. Some of these vulnerabilities even earned the researchers hefty bug bounties; below, we list a few of them.
- CVE-2024-7964 (high severity): A use-after-free vulnerability in Passwords. Google rewarded the anonymous researcher with a $36000 bounty for reporting this flaw.
- CVE-2024-7965 (high severity): An inappropriate implementation in the V8 component that earned the researcher with the alias “TheDog” a $11000 bounty for reporting the flaw.
- CVE-2024-7966 (high severity): An out-of-bounds memory access in Skia, which caught the attention of security researcher Renan Rios. Google awarded a $10000 bounty to Rios for this bug report.
- CVE-2024-7972 (medium severity): Another inappropriate implementation in V8 reported by the researcher Simon Gerst, who received a $11000 bounty.
The most noteworthy of the security vulnerabilities addressed with this Chrome update is the zero-day flaw. Google described the flaw, identified as CVE-2024-7971, as a high-severity type confusion vulnerability in V8. While withholding major details, the tech giant confirmed that it detected active exploitation attempts for this flaw in the wild. Google credited the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) for reporting this vulnerability.
Google rolled out all these security fixes with the Chrome for Desktop release, Chrome 128.0.6613.84 (Linux) and 128.0.6613.84/.85 (Windows, Mac). Moreover, the tech giant also released these security patches with Chrome 128 (128.0.6613.88) for Android. Thus, all desktop and Android users running Chrome browsers must promptly update their devices to avoid potential threats.
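For administrators checking a fleet against the fixed builds listed above, the following is an added example, not code from Google or from the original article. It assumes an inventory of (host, platform, version string) rows, treats 128.0.6613.84 as the minimum for Windows and Mac, and uses platform labels and sample hosts that are constructed for illustration.

```python
import re

# Fixed builds as stated in the article; the platform keys are labels chosen for this example.
FIXED_BUILDS = {
    "linux": "128.0.6613.84",
    "windows": "128.0.6613.84",  # article lists .84/.85; .84 taken as the minimum (assumption)
    "mac": "128.0.6613.84",
    "android": "128.0.6613.88",
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 128.0.6613.85'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in {text!r}")
    # Compare as integers: as strings, '128.0.6613.9' would sort above '128.0.6613.84'.
    return tuple(int(p) for p in m.groups())


def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build for that platform."""
    fixed = parse_version(FIXED_BUILDS[platform.lower()])
    return parse_version(version_text) >= fixed


def audit(inventory):
    """Return (host, platform, version_text, status) rows for hosts needing attention."""
    findings = []
    for host, platform, version_text in inventory:
        try:
            if not is_patched(platform, version_text):
                findings.append((host, platform, version_text, "outdated"))
        except (KeyError, ValueError):
            # Unknown platform or unparseable version: surface it rather than assume safe.
            findings.append((host, platform, version_text, "unknown"))
    return findings


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 128.0.6613.85"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.120"),
    ("dev-03", "linux", "Google Chrome 128.0.6613.9"),
    ("mob-04", "android", "128.0.6613.84"),
    ("mac-05", "mac", "Google Chrome 129.0.6668.58"),
    ("kiosk-06", "chromeos", "unparsed"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```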