Thursday, December 19, 2024

Google Chrome Patches Six High-Severity Vulnerabilities


Google has released a critical security update for its Chrome browser, addressing six high-severity vulnerabilities that could potentially lead to browser crashes and other serious security issues.

The update, version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux, is part of Google’s ongoing efforts to enhance the security of its widely used web browser.


Details of the Vulnerabilities

The six vulnerabilities patched in this update include:

CVE-2024-6100: Type Confusion in V8

    • Severity: High
    • Reported by: Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure’s TyphoonPWN 2024 on June 4, 2024
    • Reward: $20,000
    • Description: This vulnerability involves type confusion in the V8 JavaScript engine, which could allow attackers to execute arbitrary code within the browser’s sandbox.

CVE-2024-6101: Inappropriate Implementation in WebAssembly

    • Severity: High
    • Reported by: @ginggilBesel on May 31, 2024
    • Reward: $7,000
    • Description: This flaw is due to inappropriate implementation in WebAssembly, potentially leading to unexpected behavior or crashes.

CVE-2024-6102: Out of Bounds Memory Access in Dawn

    • Severity: High
    • Reported by: wgslfuzz on May 7, 2024
    • Reward: TBD
    • Description: This vulnerability involves out-of-bounds memory access in Dawn, a web graphics library, which could be exploited to cause crashes or execute arbitrary code.

CVE-2024-6103: Use After Free in Dawn

    • Severity: High
    • Reported by: wgslfuzz on June 4, 2024
    • Reward: TBD
    • Description: This issue is a use-after-free vulnerability in Dawn, which could allow attackers to execute arbitrary code or cause the browser to crash.

Google has emphasized the importance of applying this update as soon as possible to mitigate the risks associated with these vulnerabilities.

The company has credited several external researchers for their contributions to identifying and reporting these issues, highlighting the collaborative nature of cybersecurity efforts.

How to Update Chrome

Users can update their Chrome browser by following these steps:

1. Open Google Chrome.
2. Click the three vertical dots in the top right corner of the window.
3. Select “Settings.”
4. Scroll down and click on “About Chrome.”
5. Chrome will automatically check for updates. If an update is available, it will be downloaded and installed automatically.
6. After the update is installed, restart your Chrome browser to apply the changes.

This latest update is part of Google’s regular security maintenance schedule, which aims to address vulnerabilities promptly and keep users safe from potential threats.

By following these steps, users can ensure that their Chrome browser is up to date, which is crucial for maintaining security and accessing the latest features.
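For administrators who need to confirm the update across many machines rather than one browser at a time, the following is an added example (not part of the original article or Google's tooling) that checks reported version strings against the fixed build 126.0.6478.114 named above. It assumes the strings were already collected, for instance from `google-chrome --version` on Linux; the host names and sample builds are constructed for illustration.

```python
import re

# Fixed build named in the article: 126.0.6478.114 (Windows/Mac also ship .115).
PATCHED = (126, 0, 6478, 114)

# Matches a four-part version inside strings such as "Google Chrome 126.0.6478.62".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if none is present."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_output):
    """Return 'patched', 'outdated' or 'unknown' for one reported version string."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"  # no parsable version: needs a manual look
    # Tuple comparison is numeric per component, so build 62 sorts below 114.
    # Comparing the raw strings would rank "…62" above "…114" and hide the gap.
    return "patched" if version >= PATCHED else "outdated"


def audit(inventory):
    """Map host -> status for a dict of host -> reported version string."""
    return {host: classify(output) for host, output in inventory.items()}


# Constructed sample inventory (hypothetical hosts, illustrative builds).
SAMPLE = {
    "win-01": "Google Chrome 126.0.6478.115",
    "mac-02": "Google Chrome 126.0.6478.62",
    "lin-03": "Google Chrome 126.0.6478.114 ",
    "lin-04": "Google Chrome 125.0.6422.141",
    "kiosk-05": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until checked by hand, since a missing version string says nothing about the installed build.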

