Google Chrome Gets 6 Security Fixes to Patch High-Severity Vulnerabilities



Google is rolling out Chrome updates for desktop users to address six security issues, four of which were found by external researchers and rated high-severity vulnerabilities.The issues include a “user after free” vulnerability CVE-2024-5157, a “type confusion” flaw CVE-2024-5158, and two “heap buffer overflow” issues. Use-after-free vulnerabilities are memory corruption issues that could be exploited by threat actors if left unpatched. Type confusion bugs have been found before in Chromium-based based browsers, and exist in the V8 Javascript engine. Attackers could exploit a type confusion bug by triggering the bug with an HTML page, cybersecurity firm SocRadar explained in a post last year.One of the heap buffer overflow issues, CVE-2024-5159, was found in Chrome’s graphics layer engine Angle. The other, CVE-2024-5160, was found in Dawn, Google’s WebGPU standard. The four security vulnerabilities were reported within the past five weeks. Google has already rewarded three of the external researchers so far for their findings, giving out $26,000 in total. Windows and Mac users will get the fixes in the 125.0.6422.76/.77 versions of Chrome, while Linux users will see the fixes reflected in the 125.0.6422.76 Chrome version. Google says these new Chrome versions will be released in “the coming days/weeks.” SecurityWeek first reported the news of Chrome’s 125 latest update.

Recommended by Our Editors

Earlier this month, Google released an emergency fix for another Chrome bug, CVE-2024-4671, which was also given a high-severity rating. This flaw was also a “use after free” bug, which could have been exploited to install malware, for example. Google said at the time it was aware that an exploit for the vulnerability “exists in the wild.”

Get Our Best Stories!
Sign up for What’s New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

We will be happy to hear your thoughts

Leave a reply

AnsarSales
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart