It has been both the best of weeks and the worst of weeks, depending on your outlook. Microsoft has announced fixes for numerous zero-day Windows security vulnerabilities, and now Google has released an update to the Chrome web browser addressing no less than four high-severity security issues. Here’s what you need to know and do now.
What’s New In Google Chrome 128.0.6613.137 For Windows, Mac and Linux Users?
Google has joined the ranks of Microsoft and others to launch a bunch of product security updates on Patch Tuesday, and now that we have reached Exploit Wednesday, it’s important for all Chrome browser users, regardless of platform, to ensure they have the latest security update downloaded, installed and activated.
In a stable channel security update posting for desktop users of the Chrome browser, Google has confirmed that four vulnerabilities, all rated as high-severity, have been identified. This latest security update takes the application to version 128.0.6613.137 or 128.0.6613.138 for Windows and Mac users, and version 128.0.6613.137 for those with Linux installed. As always, this update will roll out across the coming days and weeks, so it is advised that you kickstart the process yourself to ensure that you are protected from the threats that Google has identified.
Google is withholding the full technical details of the security vulnerabilities that are fixed in this update, as is usual practice, until such a time as the majority of Chrome users have had the opportunity to update the software. Google also restricts access to such data if the vulnerability exists in a third-party library used by other projects that may not yet have had the chance to fix it.
The four high-severity security vulnerabilities, none of which are known to be exploited by attackers in the wild as of yet, are as follows:
- CVE-2024-8636 is a heap buffer overflow in the Skia 2D graphics library.
- CVE-2024-8637 is a use-after-free issue in the Chrome Media Router used for casting.
- CVE-2024-8638 is a type confusion vulnerability within the Chrome V8 JavaScript engine.
- CVE-2024-8639 is another use-after-free vulnerability, this time affecting the Autofill component.
Users are advised to update the Google Chrome browser by going to the Help|About option in the menu, and if the update is available, it will automatically start downloading. It is vital, however, to restart your browser in order to activate the security update after installing it.
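For anyone looking after more than one machine, the version check and the restart caveat above can be turned into a small audit. This is an added example, not code from the article or from Google: the inventory format and host names are assumptions, and every version in the sample other than 128.0.6613.137 and 128.0.6613.138 is constructed.

```python
import re

# Lowest fixed build named in the article (Windows and Mac may also show .138).
FIXED_BUILD = (128, 0, 6613, 137)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(installed, running):
    """Compare numerically: as strings, '.99' would sort above '.137'."""
    inst, run = parse_version(installed), parse_version(running)
    if inst is None:
        return "unknown"
    if inst < FIXED_BUILD:
        return "vulnerable"
    # Update is on disk, but the old build is still the one executing.
    if run is not None and run < FIXED_BUILD:
        return "restart-needed"
    return "patched"

# Constructed sample inventory (assumed format): host,installed,running
SAMPLE = """\
ws-01,Google Chrome 128.0.6613.138,128.0.6613.138
ws-02,Google Chrome 128.0.6613.137,128.0.6613.100
ws-03,Google Chrome 128.0.6613.99,128.0.6613.99
ws-04,Google Chrome 129.0.0.0,129.0.0.0
ws-05,not installed,
"""

def audit(inventory):
    """Return {host: status} for each line of the inventory text."""
    results = {}
    for line in inventory.strip().splitlines():
        host, installed, running = line.split(",")
        results[host] = classify(installed, running)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A host reported as restart-needed has downloaded the update but is still running the old build, which is the case the restart advice addresses.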