Chrome Security, Fix For Multiple Vulnerabilities

   November 20, 2024  Posted in CyberSecurityNews


Google has rolled out a crucial security update for its Chrome browser, addressing multiple vulnerabilities that could potentially compromise user safety.

The latest update, version 131.0.6778.85/.86 for Windows and Mac, and 131.0.6778.85 for Linux, is set to be distributed gradually over the coming days and weeks.

SIEM as a Service

The update includes three significant security fixes, with one particularly noteworthy vulnerability:-

  • High-Severity Vulnerability: A type confusion issue in V8, Chrome’s JavaScript engine, has been identified and patched. This vulnerability, labeled CVE-2024-11395, was reported anonymously on November 5, 2024. Google has awarded an $8,000 bounty for this critical discovery.
  • Internal Security Enhancements: Google’s internal security team has implemented various fixes resulting from audits, fuzzing, and other security initiatives.

Google’s commitment to browser security extends beyond reactive fixes. The company employs a range of advanced techniques to detect and prevent security issues:

  • AddressSanitizer
  • MemorySanitizer
  • UndefinedBehaviorSanitizer
  • Control Flow Integrity
  • libFuzzer
  • AFL (American Fuzzy Lop)

These tools help identify potential vulnerabilities before they can be exploited in the wild.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Update Rollout and User Protection

Google is taking a cautious approach to the update rollout:-

  • The company may restrict access to bug details and links until a majority of users have received the update.
  • Restrictions may remain in place if the bug affects third-party libraries used by other projects that have not yet implemented fixes.

Google has expressed gratitude to all security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

This ongoing partnership between Google and the security research community plays a crucial role in maintaining Chrome’s security posture.

While Google is rolling out the update automatically, users are advised to:-

  1. Check their current Chrome version
  2. Manually update if necessary
  3. Ensure automatic updates are enabled for future security patches

By promptly applying this security update, Chrome users can significantly reduce their exposure to potential security threats and enjoy a safer browsing experience.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free



Source link