Chrome Security Update: Patch for Multiple Vulnerabilities

   August 7, 2024  Posted in GBHackers


Google has announced a critical security update for its Chrome browser, addressing several vulnerabilities that malicious actors could exploit.

The Stable channel has been updated to version 127.0.6533.99/.100 for Windows and Mac and 127.0.6533.99 for Linux. This update will be rolled out over the coming days and weeks.

Security Fixes and Rewards

The latest Chrome update includes five significant security fixes, with contributions from external security researchers. The details of these fixes are as follows:

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

  1. Critical CVE-2024-7532: Out-of-bounds memory access in ANGLE, reported by wgslfuzz on July 2, 2024.
  2. High CVE-2024-7533: Use after free in Sharing, reported by lime(@limeSec_) from the TIANGONG Team of Legendsec at QI-ANXIN Group on July 17, 2024. This fix earned a reward of $11,000.
  3. High CVE-2024-7550: Type Confusion in V8, reported by Zhenghang Xiao (@Kipreyyy) on July 25, 2024, with a reward of $7,000.
  4. High CVE-2024-7534: Heap buffer overflow in Layout, reported by Tashita Software Security on July 11, 2024.
  5. High CVE-2024-7535: Inappropriate implementation in V8, reported by Tashita Software Security on July 12, 2024.
  6. High CVE-2024-7536: Use after free in WebAudio, reported by Cassidy Kim (@cassidy6564) on July 23, 2024.

Google has noted that access to bug details and links may be restricted until most users are updated with the fix. This precautionary measure ensures that malicious actors do not exploit these vulnerabilities before users can update their browsers.

Additionally, restrictions will remain if the bug exists in a third-party library that other projects similarly depend on but have not yet fixed.

Google expressed gratitude to all security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

The company encourages users interested in switching release channels to learn how to do it on their official page.

They also invite users to report new issues by filing a bug or seeking assistance through the community help forum. Users can visit the Chrome Security Page for more information on the security fixes and to stay updated on future releases.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access



Source link