Google has released Chrome 131 to the stable channel for Windows, Mac, and Linux, addressing 12 security vulnerabilities, including several high- and medium-severity flaws.
This update, which will roll out over the coming days and weeks, brings important security fixes and improvements to the popular web browser.
The Chrome team highlighted several vulnerabilities that were reported by external researchers. Among the most critical is a high-severity flaw (CVE-2024-11110) related to an inappropriate implementation in Blink, Chrome’s rendering engine. This vulnerability was discovered by Vsevolod Kokorin of Solidlab.
Chrome 131 Vulnerabilities
- A medium-severity autofill implementation flaw (CVE-2024-11111)
- A use-after-free vulnerability in Media (CVE-2024-11112)
- A use-after-free issue in Accessibility (CVE-2024-11113)
- An inappropriate implementation in Views (CVE-2024-11114)
- Insufficient policy enforcement in Navigation (CVE-2024-11115)
The Chrome security team also addressed a long-standing paint implementation issue (CVE-2024-11116) and a low-severity file system implementation flaw (CVE-2024-11117).
Google has restricted access to some bug details to ensure that a majority of users can update their browsers before potential exploits become public. This precaution extends to vulnerabilities in third-party libraries that other projects may also rely on.
In addition to the externally reported vulnerabilities, the Chrome team’s internal security audits, fuzzing, and other initiatives led to various fixes. Many of these security bugs were detected using advanced tools like AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer.
Chrome users are advised to update their browsers as soon as possible to protect against these security risks. The update can be initiated manually by navigating to Chrome’s settings, clicking “About Chrome,” and allowing the browser to check for and install the latest version.
As always, Google expressed gratitude to all security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel. The company continues to offer rewards for responsibly disclosed vulnerabilities through its Chrome Vulnerability Reward Program.
With this update, Google reinforces its dedication to ensuring a secure browsing experience for its users by proactively addressing known vulnerabilities and potential security risks.