Patch for Multiple High Severity Vulnerabilities


In a critical update to enhance user security, Google has rolled out an emergency patch for its widely-used Chrome browser, addressing multiple high-severity vulnerabilities.

The update brings Chrome to version 130.0.6723.116 or 130.0.6723.117 for Windows and Mac users in the Extended Stable channel.

This patch was released on November 5, 2024, following the discovery of two critical vulnerabilities, CVE-2024-10826 and CVE-2024-10827.

Chrome Vulnerabilities Patched

  • CVE-2024-10826: This vulnerability involves a use-after-free bug in Chrome’s Family Experiences component, which could lead to arbitrary code execution or system compromise.
  • CVE-2024-10827: A second use-after-free issue, this one in the Serial component, which could similarly result in security breaches.

Both vulnerabilities have been classified with a high severity level, emphasizing the critical nature of their threats.

Google has confirmed that these flaws could enable attackers to execute malicious code on affected systems, potentially leading to unauthorized access or complete system compromise.

The vulnerabilities are significant because they could allow attackers to control users’ systems by exploiting memory corruption in the browser.

Visiting a malicious website can trigger these flaws, leading to remote code execution without any user interaction. Given the widespread use of Chrome, the implications are vast, affecting billions of users across different operating systems.

Google’s prompt response with an emergency patch underscores the severity of the situation. The update has been issued for Chrome on Windows, Mac, and Linux platforms. Users are strongly advised to update their browsers to the latest version to mitigate these risks.

Users are advised to:

  • Update Chrome: Ensure your browser is updated to version 130.0.6723.116 or higher.
  • Enable Automatic Updates: This reduces the vulnerability window by ensuring you have the latest security patches.
  • Check for Security Patches Regularly: Keep an eye on Google’s security updates for any additional measures or patches.
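For administrators checking many machines against the first recommendation, the following is an added example (not from Google or the original article) that classifies collected version strings against the fixed build 130.0.6723.116. The host names and the version strings in the sample inventory are constructed, and the input format (the text printed by Chrome's `--version` switch) is an assumption about how the inventory was gathered.

```python
import re

# Fixed build named in the article; anything lower still carries
# CVE-2024-10826 and CVE-2024-10827.
FIXED = (130, 0, 6723, 116)

# Chrome versions have four dotted numeric parts: MAJOR.MINOR.BUILD.PATCH
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return a 4-tuple of ints from e.g. 'Google Chrome 130.0.6723.92', else None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable', or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as needing follow-up, never as patched
    # Compare as integer tuples. Comparing the raw strings would rank
    # '130.0.6723.92' above '130.0.6723.116' and hide a vulnerable host.
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory):
    """Map host -> status for an iterable of (host, version string) pairs."""
    return {host: classify(raw) for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = [
    ("ws-001", "Google Chrome 130.0.6723.116"),
    ("ws-002", "Google Chrome 130.0.6723.92"),
    ("mac-07", "Google Chrome 130.0.6723.117"),
    ("lin-03", "Google Chrome 129.0.6668.100"),
    ("ws-009", "Google Chrome 131.0.6778.33"),
    ("ws-010", ""),  # agent returned nothing
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```
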

Use-after-free bugs are a common source of security issues in Chrome. They occur when software attempts to access memory after it has been freed, often leading to crashes or allowing attackers to manipulate memory to execute arbitrary code.

Google has emphasized the importance of such updates to safeguard users against these and similar future vulnerabilities.

This update is part of Google’s ongoing commitment to browser security, reflecting the collaborative effort with security researchers to identify and fix vulnerabilities before they can be exploited in the wild.

Users are always encouraged to maintain vigilance and promptly apply such critical updates.
