Chrome Use After Free Flaw Let Attackers Crash The Browser


As part of a Chrome security update, Google upgraded the Stable channels to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 for Linux. 

The Extended Stable channel has been updated to 122.0.6261.129 for Mac and Windows. The update will roll out over the coming days and weeks.

This release includes three security fixes. Google lists only the issues disclosed by external researchers.

CVE-2024-2400 Use After Free In Performance Manager

CVE-2024-2400 is a high-severity use-after-free vulnerability in Performance Manager in Google Chrome before 122.0.6261.128. It allowed a remote attacker to possibly exploit heap corruption via a crafted HTML page, causing the browser to crash.

The Performance Manager facilitates data-driven, centralized resource management, prioritization, and planning for the Chrome browser.

Use-after-free is a condition in which a memory allocation is freed, but the program does not clear the pointer to that memory and continues to use it. It results from incorrect use of dynamic memory allocation during an operation.

This problem was reported by zh1x1an1221 from Ant Group Tianqiong Security Lab. Google did not disclose the reward for this vulnerability.

How To Update?

To view the most recent version on desktop devices, Google Chrome users can navigate to Menu > Help > About Google Chrome or type chrome://settings/help into the address bar. 

The browser checks for updates as soon as that page is opened, then downloads and installs any it finds, so it should pick up the latest version. The browser must be restarted to finish the update.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google said.

Google recommends that users update to the most recent version of Google Chrome to prevent exploitation of these vulnerabilities.
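
Where checking chrome://settings/help by hand on every machine is not practical, the comparison against the fixed build can be scripted. The following is an added example, not code from Google or the original article; the host names and inventory lines are constructed, and `FIXED` is the Stable build named above. It compares versions numerically, because a plain string comparison would rank 122.0.6261.94 above 122.0.6261.128.

```python
import re

# Fixed Stable build named in the article; builds before it are affected.
FIXED = (122, 0, 6261, 128)

# Four dot-separated integers, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part version in `text` as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(text, fixed=FIXED):
    """True or False when a version is found; None when the line is unparseable."""
    version = parse_version(text)
    return None if version is None else version >= fixed


def audit(inventory):
    """Classify (host, version_text) pairs; unparseable lines stay 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {host: labels[is_patched(text)] for host, text in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-001", "Google Chrome 122.0.6261.128 "),
    ("ws-002", "Google Chrome 122.0.6261.94"),   # string compare would pass this
    ("mac-003", "122.0.6261.129"),
    ("lx-004", "Google Chrome 121.0.6167.184"),
    ("ws-005", "Google Chrome 123.0.6312.58"),
    ("ws-006", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as unknown need follow-up rather than being counted as compliant.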
