Chrome Security Vulnerabilities Let Attackers Execute Arbitrary Code


Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could potentially allow attackers to execute arbitrary code on users’ systems.

The latest stable channel update, version 129.0.6668.89/.90 for Windows and Mac and 129.0.6668.89 for Linux, is being rolled out to users worldwide.


Critical Vulnerabilities Uncovered

Three of the four security fixes in this update were reported by external security researchers, highlighting the importance of collaborative efforts in maintaining browser security. The most severe vulnerabilities include:

  1. Integer Overflow in Layout (CVE-2024-7025): Discovered by Tashita Software Security, this high-severity flaw could allow attackers to execute arbitrary code or cause a denial of service.
  2. Insufficient Data Validation in Mojo (CVE-2024-9369): Reported by researchers from Wuheng Lab, this vulnerability in Chrome’s IPC library could potentially lead to sensitive information leaks or privilege escalation.
  3. Inappropriate Implementation in V8 (CVE-2024-9370): Identified by researchers from STAR Labs SG Pte. Ltd., this issue in Chrome’s JavaScript engine could enable malicious actors to manipulate web content or execute arbitrary code.

Google’s Chrome Vulnerability Rewards Program (VRP) has been instrumental in identifying and addressing these security issues. The program, which has been running for 14 years, offers rewards of up to $250,000 for discovering and reporting critical vulnerabilities.

To encourage more thorough research, Google has recently updated its reward structure. For instance, discovering a Remote Code Execution (RCE) vulnerability could now earn researchers up to $250,000, while identifying a controlled write bug could result in a reward of up to $90,000.

Chrome users are strongly advised to update their browsers immediately to protect against these potential threats. While the update process is typically automatic, users can manually check for updates by navigating to the “About Google Chrome” section in their browser settings.

As the details of these vulnerabilities remain restricted until the majority of users have updated, it’s crucial for users to act promptly to ensure their systems are protected against potential exploits.
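For administrators who need to confirm the update across many machines rather than one browser at a time, the following added example (not part of the original article or any Google tooling) compares reported Chrome versions against the fixed build 129.0.6668.89 named above. The inventory format, host names and sample version strings are constructed for illustration.

```python
import re

# Minimum fixed stable build per platform, as stated in the article.
FIXED = {
    "windows": (129, 0, 6668, 89),
    "mac": (129, 0, 6668, 89),
    "linux": (129, 0, 6668, 89),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract the four-part version from text such as the output of
    `google-chrome --version`; return None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True/False for a known platform and parseable version, else None.
    Comparing integer tuples avoids the string-compare trap where
    '129.0.6668.100' sorts before '129.0.6668.89'."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    return version >= fixed

def audit(inventory):
    """Return (host, reason) for every host that needs attention."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is None:
            findings.append((host, "unknown"))   # no data is not "safe"
        elif not status:
            findings.append((host, "outdated"))
    return findings

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 129.0.6668.90"),
    ("ws-02", "windows", "Google Chrome 129.0.6668.71"),
    ("mac-01", "mac", "Google Chrome 128.0.6613.138"),
    ("lnx-01", "linux", "Google Chrome 129.0.6668.89"),
    ("lnx-02", "linux", "chrome not found"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```

Hosts whose version cannot be read are reported as "unknown" rather than silently passed, since a missing inventory entry is not evidence of a patched browser.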
