Google has released Chrome 130, addressing 17 security vulnerabilities in the popular web browser. This latest update, version 130.0.6723.58/.59 for Windows and Mac and 130.0.6723.58 for Linux is being rolled out gradually to users over the coming days and weeks.
Among the 17 security fixes, several were contributed by external researchers and classified according to severity.
The most critical vulnerability, rated as high severity, is CVE-2024-9954, a use-after-free flaw in the AI component of Chrome. This vulnerability was reported by a researcher known as DarkNavy and earned a substantial bounty of $36,000.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)
- CVE-2024-9954: High severity – Use after free in AI
- CVE-2024-9955: Medium severity – Use after free in Web Authentication
- CVE-2024-9956: Medium severity – Inappropriate implementation in Web Authentication
- CVE-2024-9957: Medium severity – Use after free in UI
- CVE-2024-9958: Medium severity – Inappropriate implementation in PictureInPicture
- CVE-2024-9959: Medium severity – Use after free in DevTools
- CVE-2024-9960: Medium severity – Use after free in Dawn
- CVE-2024-9961: Medium severity – Use after free in Parcel Tracking
- CVE-2024-9962: Medium severity – Inappropriate implementation in Permissions
- CVE-2024-9963: Medium severity – Insufficient data validation in Downloads
- CVE-2024-9964: Low severity – Inappropriate implementation in Payments
- CVE-2024-9965: Low severity – Insufficient data validation in DevTools
- CVE-2024-9966: Low severity – Inappropriate implementation in Navigations
The update also addresses multiple medium-severity vulnerabilities, including issues in Web Authentication, UI, PictureInPicture, DevTools, Dawn, and Parcel Tracking. These flaws range from use-after-free bugs to inappropriate implementations and insufficient data validation.
Google has implemented its standard practice of restricting access to detailed bug information until the majority of users have updated their browsers. This measure is designed to protect users from potential exploitation while the update is being distributed.
Chrome users are strongly advised to update their browsers as soon as possible to ensure protection against these security flaws. To update Chrome, users can navigate to the browser’s settings, click on “About Chrome,” and allow the browser to check for and install any available updates.
This release underscores Google’s ongoing commitment to browser security and the importance of its bug bounty program in identifying and addressing potential vulnerabilities.
The company has expressed gratitude to all security researchers who contributed to making Chrome more secure during its development cycle.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar