RCE Vulnerability Lets Attackers Run Arbitrary Code Remotely


Google has released updates for the Chrome Stable and Extended Stable channels. The new version, 128.0.6613, is now available for Windows, Mac, and Linux users, with a staggered rollout planned over the coming days and weeks.

This update addresses four security vulnerabilities; the two reported by external researchers are highlighted below. As usual, Google restricts access to the bug tracker entries and their details until the majority of users have received the update.


Highlighted Security Fixes

CVE-2024-8362: High severity “Use after free” vulnerability in WebAudio

A use-after-free occurs when code keeps using a heap object after it has been freed. In WebAudio, that can happen when the lifecycle of audio nodes or buffers is mismanaged, for example when one component still holds a pointer to a node that another component has already destroyed and then reads from or writes to it.

This leads to unpredictable behavior: crashes, memory corruption, or, in the worst case, attacker-controlled code execution.

If an attacker can control what lands in the freed memory (typically by allocating attacker-controlled objects of the same size so the allocator reuses the slot), the stale reference can be turned into arbitrary code execution inside the renderer process that hosts WebAudio. Chrome's renderer is sandboxed, so taking over the user's full privileges normally also requires a sandbox escape, but compromising the renderer is already enough to read or tamper with everything that renderer handles, which is why Google rates this class of bug as High severity.

Cassidy Kim (@cassidy6564) reported the issue on August 5, 2024, and was awarded a reward of $7,000 for their contribution.
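The lifecycle mistake described above, as an added illustration that is not Chrome's or the reporter's code: a hypothetical AudioNode type is freed while a raw pointer to it survives, a toy slab allocator makes the freed slot deterministically reusable by a same-size allocation the attacker controls, and the stale pointer then reads attacker-chosen data. The hardened form beneath it owns nodes through shared_ptr and lets observers hold only a weak_ptr they must lock() before use. The allocator, the node type and the listener are assumptions for illustration; Blink's actual WebAudio object model and allocator are not shown.

```cpp
// Added example (not Chrome code): a use-after-free on a WebAudio-style node,
// with a toy slab allocator so the slot reuse that makes UAF exploitable is
// deterministic, beside a hardened lifecycle using shared/weak ownership.
#include <cassert>
#include <cstddef>
#include <memory>
#include <new>
#include <vector>

// Hypothetical stand-in for an audio processing node (not a Blink type).
struct AudioNode {
    int id;
    float gain;
};

// Minimal fixed-size slab with a LIFO free list: the slot freed last is the
// slot handed out next. That is the property an attacker relies on when
// "filling" a freed object's memory with controlled data.
class Slab {
public:
    void* alloc() {
        if (!free_.empty()) { void* p = free_.back(); free_.pop_back(); return p; }
        if (used_ == kSlots) return nullptr;
        return &storage_[used_++ * kSlotSize];
    }
    // Slot goes back on the free list; its contents are left untouched.
    void release(void* p) { free_.push_back(p); }
private:
    static constexpr std::size_t kSlots = 8;
    static constexpr std::size_t kSlotSize = sizeof(AudioNode);
    alignas(AudioNode) unsigned char storage_[kSlots * kSlotSize];
    std::size_t used_ = 0;
    std::vector<void*> free_;
};

// Vulnerable lifecycle: a raw pointer to the node survives its release. Once a
// same-size object is allocated into the reused slot, the stale pointer reads
// whatever the attacker put there. Returns the gain seen through that pointer.
float gainSeenThroughStalePointer(float attackerGain) {
    Slab slab;
    AudioNode* node = new (slab.alloc()) AudioNode{1, 0.5f};
    AudioNode* stale = node;        // e.g. a listener that was never notified
    node->~AudioNode();
    slab.release(node);             // node is "freed" but `stale` still points at the slot
    // Attacker-controlled allocation of the same size lands in the reused slot.
    new (slab.alloc()) AudioNode{99, attackerGain};
    return stale->gain;             // UAF: the victim now acts on attacker data
}

// Hardened lifecycle: the graph owns nodes via shared_ptr; observers hold a
// weak_ptr and must lock() before use, so a destroyed node is observed as gone
// rather than as a dangling address.
struct SafeListener {
    std::weak_ptr<AudioNode> target;
    bool readGain(float& out) const {
        if (auto n = target.lock()) { out = n->gain; return true; }
        return false;               // node already destroyed; no memory touched
    }
};

struct SafeGraph {
    std::vector<std::shared_ptr<AudioNode>> nodes;
    std::shared_ptr<AudioNode> add(int id, float gain) {
        nodes.push_back(std::make_shared<AudioNode>(AudioNode{id, gain}));
        return nodes.back();
    }
    void clear() { nodes.clear(); }
};

// Returns how many reads succeed: one before the graph drops the node, none after.
int safeReadsBeforeAndAfterRemoval() {
    SafeGraph graph;
    SafeListener listener;
    listener.target = graph.add(1, 0.5f);
    int ok = 0;
    float v = 0.0f;
    if (listener.readGain(v)) ++ok;
    graph.clear();
    if (listener.readGain(v)) ++ok;
    return ok;
}
```

The slab keeps the stale read well-defined for the demonstration because the storage is never returned to the system; with a real allocator the same sequence is undefined behaviour, and AddressSanitizer builds are the practical way to surface it during fuzzing.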

CVE-2024-7970: High severity “Out of bounds write” vulnerability in V8

An out-of-bounds write in V8, Chrome's JavaScript and WebAssembly engine, lets crafted JavaScript on a web page corrupt memory in the renderer process; chained with further primitives, that can give an attacker arbitrary code execution in the context of the currently logged-in user.

If the user has administrative privileges, the attacker could install programs, view, modify, or delete data, and even create new accounts with full user rights. However, users with accounts that have limited privileges would be less affected than those with administrative rights.

Cassidy Kim (@cassidy6564) reported the issue on August 9, 2024, with the reward still to be determined (TBD).

Google also thanks the security researchers who worked with it during the development cycle to keep other security bugs from ever reaching the stable channel.

How to Update Google Chrome

  • On your computer, open Chrome.
  • At the top right, click More (the three-dot menu).
  • Click Help > About Google Chrome.
  • Click Update Google Chrome. Important: If you can’t find this button, you’re already on the latest version.
  • Click Relaunch.

Install the update promptly; the fixes only take effect once Chrome has been relaunched, so open tabs keep running the old, vulnerable version until then.



