Google Chrome 127 Released With Fix for Vulnerabilities


Google has announced the release of Chrome 127, which is now available on the Stable channel for Windows, Mac, and Linux.

The new version, 127.0.6533.72/73 for Windows and Mac and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks. This update addresses multiple security vulnerabilities, including several high-risk issues that could lead to browser crashes.


Security Fixes and Rewards

The latest update includes 24 security fixes, with significant contributions from external researchers. While access to specific bug details and links may be restricted until a majority of users have updated, Google has highlighted several key fixes:

  • CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group, with a reward of $11,000.
  • CVE-2024-6989: Use after free in Loader, reported by an anonymous researcher, rewarded $8,000.
  • CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  • CVE-2024-6992: Out of bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  • CVE-2024-6993: Inappropriate implementation in Canvas, reported by an anonymous researcher.
  • CVE-2024-6994: Heap buffer overflow in Layout, reported by Huang Xilin of Ant Group Light-Year Security Lab, rewarded $8,000.
  • CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  • CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  • CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  • CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  • CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  • CVE-2024-7000: Use after free in CSS, reported by an anonymous researcher, rewarded $500.
  • CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

These high-severity vulnerabilities could allow attackers to execute arbitrary code, cause browser crashes, or gain unauthorized access to sensitive information.

Additionally, several other vulnerabilities were addressed, ranging from medium to low severity, and the reporting researchers were rewarded accordingly.

Google’s internal security efforts also contributed to this release, with various fixes stemming from internal audits, fuzzing, and other initiatives. Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL played crucial roles in identifying and mitigating these security issues.

Users are strongly encouraged to update their Chrome browsers to the latest version to benefit from these critical security fixes. Keeping the browser updated enhances security and ensures improved stability and performance.

Users can refer to the Chrome Security Page and the official release notes for more detailed information on the changes and security fixes included in this release.

As always, users who encounter any new issues with Chrome 127 are encouraged to report them through Google’s bug reporting system or seek assistance through the community help forum.

To check if your Chrome browser is updated to version 127, you can follow these steps:

  1. Open Google Chrome on your device.
  2. Click on the three-dot menu icon in the top-right corner of the browser window.
  3. From the dropdown menu, select “Help” and then click on “About Google Chrome”.
  4. A new tab will open showing your current Chrome version. If you’re on version 127, it will be displayed here.
  5. Chrome will automatically check for updates when you’re on this page. If an update is available, it will download and install automatically.
  6. After the update is complete, you may need to click “Relaunch” to apply the changes.

For specific devices:

  • On Android: Open Chrome, tap the three-dot menu, go to Settings > About Chrome > Application version.
  • On iOS: Open Chrome, tap the three-dot menu, go to Settings > Google Chrome to see the version number.
  • On Windows/Mac: The process is the same as described in steps 1-4 above.

Alternatively, you can type “chrome://version” in the Chrome address bar on any platform to see detailed version information.
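To apply the same check across many machines, the following added example (not from Google or the original article) parses version strings as they appear on chrome://version or the About Google Chrome page and compares them numerically against the 127.0.6533.72 build named above. The hostnames and the sample inventory are constructed for illustration, and the function names are this example's own.

```python
import re

# Fixed Stable build named in the article (127.0.6533.72 on all desktop
# platforms; Windows and Mac may also receive .73).
FIXED_BUILD = (127, 0, 6533, 72)

_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text as an int tuple."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(text, fixed=FIXED_BUILD):
    """Return 'patched', 'outdated' or 'unknown' for one reported version."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare numerically field by field, so 6533.100 > 6533.72 and
    # major 99 < 127; a plain string comparison gets both of these wrong.
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Map host -> status for an iterable of (host, version text) pairs."""
    return {host: classify(text) for host, text in inventory}


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 127.0.6533.72"),
    ("ws-02", "Google Chrome 127.0.6533.73 (Official Build) (64-bit)"),
    ("ws-03", "Google Chrome 126.0.6478.182"),
    ("ws-04", "Google Chrome 99.0.4844.51"),
    ("ws-05", "Google Chrome 127.0.6533.100"),
    ("ws-06", "version not reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be treated as unverified rather than patched.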
