Chrome Flaw Let Attacker Corrupt Memory via Crafted HTML Page


Google has updated the Stable channels to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 for Windows as part of a security update for Chrome.

There are 17 security fixes in this update. The upgrade will be rolled out over the coming few days and weeks.

High-Severity Flaws Addressed

A high-severity issue was identified as CVE-2024-0807, Use after free in WebAudio. This allowed a remote attacker to possibly exploit heap corruption via a crafted HTML page. 

Google awarded an $11000 bounty after Huang Xilin of Ant Group Light-Year Security Lab reported it.

The vulnerability identified as Inappropriate implementation in accessibility (CVE-2024-0812) was determined to have a high severity. 

This allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Google announced a $9000 reward and stated the reporter was anonymous.

CVE-2024-0808, Integer underflow in WebUI, was found to be a high-severity issue. This enabled a remote attacker to potentially exploit heap corruption via a malicious file. Google issued a $6000 bounty for this flaw, which was reported by Lyra Rebane (rebane2001).

Medium and Low-Severity Flaws Addressed

The Medium-severity bugs addressed in this update are listed below:

  • CVE-2024-0810 – Insufficient policy enforcement in DevTools
  • CVE-2024-0814 – Incorrect security UI in Payments
  • CVE-2024-0813 – Use after free in Reading Mode
  • CVE-2024-0806 – Use after free in Passwords
  • CVE-2024-0805 – Inappropriate implementation in Downloads
  • CVE-2024-0804 – Insufficient policy enforcement in iOS Security UI

The Low-severity bugs addressed in this update are listed below:

CVE-2024-0811 – Inappropriate implementation in Extensions API and CVE-2024-0809 – Inappropriate implementation in Autofill.

Chrome Security Update

  • Mac and Linux (121.0.6167.85)
  • Windows (121.0.6167.85/.86)

Google recommended users update to the most recent patched version of Chrome as soon as possible to lessen security risks.

Update Now!

To update the Chrome web browser, follow these steps:

  • Go to the Settings option.
  • Then select About Chrome.
  • Now, you must wait, as Chrome will automatically fetch and download the latest update.
  • Then, wait for the latest version to be installed.
  • Once the installation process is complete, you will have to restart Chrome.
  • That’s it. Now you are done.
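
For administrators who need to confirm the update across many machines rather than one browser at a time, the following is an added example (not from Google or the original article) that checks reported Chrome version strings against the patched builds listed above. The inventory line format "host,platform,version output" and the host names are assumptions constructed for illustration.

```python
import re

# Patched Stable builds named in the article: 121.0.6167.85 (Mac, Linux)
# and 121.0.6167.85/.86 (Windows), so .85 is the floor on every platform.
PATCHED = (121, 0, 6167, 85)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as an int tuple, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Classify a reported version string: 'patched', 'outdated' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs follow-up; never assume it is patched
    # Tuples compare numerically, so 6167.100 sorts after 6167.85
    # (a plain string comparison would get that wrong).
    return "patched" if version >= PATCHED else "outdated"


def audit(inventory_lines):
    """Map host -> status for lines of the form 'host,platform,version output'."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [field.strip() for field in line.split(",", 2)]
        # A malformed line is recorded as unknown instead of being dropped.
        results[parts[0]] = classify(parts[2]) if len(parts) == 3 else "unknown"
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    "ws-001,windows,Google Chrome 121.0.6167.86",
    "mac-014,mac,Google Chrome 121.0.6167.85",
    "lin-203,linux,Google Chrome 120.0.6099.224",
    "lin-204,linux,Google Chrome 121.0.6167.100",
    "ws-077,windows,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "outdated" or "unknown" are the ones to follow up on with the manual update steps above.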


