Google Chrome 127 Released with a fix for 24 Security Vulnerabilities


Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel.

The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks.

This release addresses 24 security vulnerabilities, enhancing the browser’s security and stability. This update includes numerous security fixes as part of Google’s commitment to user safety.

According to Google reports, external researchers were rewarded for contributing several of these fixes.

Access to bug details and links may be temporarily restricted until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

High Severity Vulnerabilities

  1. CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legends at QI-ANXIN Group, rewarded $11,000.
  2. CVE-2024-6989: Use after free in Loader, reported by Anonymous, rewarded $8,000.
  3. CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  4. CVE-2024-6992: Out-of-bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  5. CVE-2024-6993: Inappropriate implementation in Canvas, reported by Anonymous.

Medium Severity Vulnerabilities

  1. CVE-2024-6994: Huang Xilin of Ant Group Light-Year Security Lab reported heap buffer overflow in Layout, rewarded $8,000.
  2. CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  3. CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  4. CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  5. CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  6. CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  7. CVE-2024-7000: Use after free in CSS, reported by Anonymous, rewarded $500.
  8. CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

Low Severity Vulnerabilities

  1. CVE-2024-7003: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  2. CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing, reported by Anonymous.
  3. CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing, reported by Umar Farooq.

Google also acknowledged the efforts of security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

Many security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.

For users interested in switching release channels or reporting new issues, Google provides resources and a community help forum.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo



Source link