Patch for Type Confusion Vulnerabilities


Google has released a critical security update for its Chrome browser, addressing several vulnerabilities, including two high-severity type confusion flaws in the V8 JavaScript engine.

The update, which brings Chrome to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux, includes three security fixes contributed by external researchers.


The most severe vulnerabilities, CVE-2024-9602 and CVE-2024-9603, are type confusion flaws in V8, which, if exploited, could allow for arbitrary code execution.

What is Type Confusion?

Type confusion arises when accessing a resource with an incompatible type, causing unexpected behavior and security risks.

It can appear in any application that interprets the same variable or memory location as different types, including programs written in languages like PHP and Perl.

Type confusion can be exploited by attackers to corrupt memory and execute arbitrary code.


CVE-2024-9602 and CVE-2024-9603 were reported by Seunghyun Lee (@0x10n) and by @WeShotTheMoon and @Nguyen Hoang Thach of Starlabs, respectively, and have been rated as high severity due to their potential impact on system confidentiality and integrity.

Google has withheld the full technical details of these vulnerabilities until a majority of users have updated to the latest version of Chrome, to prevent exploitation in the wild.

However, the company has emphasized the importance of updating to the latest version as soon as possible to ensure protection against these threats.

The update also includes various fixes from internal audits, fuzzing, and other initiatives, which were detected using tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

To update Chrome, users can navigate to the Help|About option in the menu, which will automatically start downloading the latest version if available. It is crucial to restart the browser after installing the update to ensure the new security patches are applied.
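For fleets, the fixed build and the restart requirement above can be turned into a compliance check. The following is an added example, not code from Google or from this article; the inventory format, hostnames and sample version strings are constructed assumptions, and only the fixed build number comes from the article.

```python
import re

# Fixed build named in the article (Windows/Mac also ship .101; .100 is the floor).
FIXED = (129, 0, 6668, 100)

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(installed, running):
    """Classify one host from its on-disk and in-memory Chrome versions."""
    inst, run = parse_version(installed), parse_version(running)
    if inst is None or run is None:
        return "unknown"          # unparseable data must not count as patched
    if inst < FIXED:
        return "vulnerable"       # update not installed yet
    if run < FIXED:
        return "restart-pending"  # update on disk, old build still running
    return "patched"

# Constructed sample inventory: (host, installed version, running version).
INVENTORY = [
    ("win-01", "129.0.6668.101", "129.0.6668.101"),
    ("mac-02", "129.0.6668.100", "129.0.6668.9"),
    ("lnx-03", "129.0.6668.99", "129.0.6668.99"),
    ("win-04", "129.0.6668.x", "129.0.6668.100"),
    ("lnx-05", "130.0.0.1", "130.0.0.1"),
]

def report(inventory):
    """Map each host to its status."""
    return {host: classify(inst, run) for host, inst, run in inventory}

def needs_action(inventory):
    """Hosts that are not confirmed patched, in inventory order."""
    return [h for h, s in report(inventory).items() if s != "patched"]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```

Versions are compared as integer tuples because a plain string comparison ranks `129.0.6668.99` above `129.0.6668.100` and would report an unpatched host as current.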

Given the widespread use of Chrome, with approximately 3.45 billion users, it is essential for individuals and organizations to update their browsers promptly to safeguard against potential data breaches and other cybersecurity risks.
