The Chrome web browser has the most significant market share of them all, with 3.45 billion users, so it’s not surprising that many eyes are on the code looking for security flaws. Google has just released version 129 of Chrome, fixing nine security vulnerabilities, and users are urged to update as soon as possible. Here’s what you need to know.
What’s New In Google Chrome 129.0.6668.58 For Windows, Mac and Linux Users?
A stable channel update posting for desktop users of the Chrome web browser has announced a new version containing “a number of fixes and improvements.” You can read about Chrome developments here, and the new features of Chrome 129 are highlighted here. However, as a security guy I’m not overly interested in those for now: what I want to explain are the vulnerabilities that have been fixed and how to ensure the newly protected version of the browser is installed and activated on your device.
Chrome Security Vulnerabilities Fixed In Version 129
Google has highlighted six vulnerabilities, with one rated as high-severity. This latest security update takes the application to version 129.0.6668.58 or 129.0.6668.59 for Windows and Mac users, and version 129.0.6668.58 for those with Linux installed.
As always, this update will roll out across the coming days and weeks, so it is advised that you kickstart the process yourself to ensure that you are protected from the threats that Google has identified.
Google is withholding the full technical details of the security vulnerabilities that are fixed in this update until such a time as the majority of Chrome users have had the opportunity to update the software.
The high-severity security vulnerability, which is not flagged as already being exploited by attackers in the wild as of yet, is as follows:
- VE-2024-8904: Type Confusion in V8. Reported by Popax21 on 2024-09-08
The medium-severity security vulnerabilities are:
- CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou of ChaMd5-H1 team on 2024-08-15
- CVE-2024-8906: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2024-07-12
- CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari on 2024-08-18
The low-severity security vulnerabilities are:
- CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya on 2024-04-26
- CVE-2024-8909: Inappropriate implementation in UI. Reported by Shaheen Fazim on 2024-05-18
Update Chrome Now—Here’s How To Ensure Your Browser Is Secure
Users are advised to update the Google Chrome browser by going to the Help|About option in the menu. If the update is available, it will automatically start downloading.
However, it is vital to restart your browser after installing the security update, or you won’t be protected by the new security patches.