Google has issued a critical security update for its Chrome browser, addressing three significant vulnerabilities that could compromise user safety. The update, version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux, is being rolled out on the Stable channel and is expected to reach all users within the next few days. This update is crucial as it fixes flaws that could lead to browser crashes or more severe security breaches.
The most critical vulnerability, identified as CVE-2024-6990, involves an uninitialized use in Chrome’s Dawn graphics component. This flaw could allow attackers to exploit the browser, causing crashes or enabling them to execute arbitrary code, potentially compromising the user’s system. Dawn is an essential part of Chrome’s graphics pipeline, responsible for rendering web content efficiently. The exploitation of this vulnerability could lead to unpredictable behavior, such as unexpected browser crashes or freezes during regular use.
Two other vulnerabilities addressed in this update include CVE-2024-7255, a high-severity out-of-bounds read issue in WebTransport, and CVE-2024-7256, an issue involving insufficient data validation in Dawn. CVE-2024-7255, reported by researcher Marten Richter, could enable attackers to read sensitive information from other memory locations. Meanwhile, CVE-2024-7256 could be exploited to inject malicious data into the browser. These vulnerabilities highlight the ongoing need for vigilance and timely updates in maintaining browser security.
To mitigate risks, Google has restricted access to detailed information about these vulnerabilities until most users have updated their browsers. This measure aims to prevent potential exploitation before users can protect themselves. Google urges all Chrome users on Windows, Mac, and Linux platforms to update their browsers promptly. While the update process is generally automatic, users are encouraged to verify their browser version to ensure the update has been applied. Google’s security team extends gratitude to the researchers who reported these vulnerabilities, underscoring the community’s role in enhancing the safety and security of Chrome users worldwide.
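For administrators verifying the update across many machines, the following added example (not from Google or the original article) triages a host inventory against the fixed build named above. The inventory records are constructed, and treating 127.0.6533.88 as the minimum on Windows and Mac, where the article lists .88/.89, is an assumption.

```python
import re

# Fixed Stable build named in the article. Using the lower build (.88) as the
# minimum on Windows and Mac, where .88/.89 are listed, is an assumption.
FIXED = {
    "windows": (127, 0, 6533, 88),
    "mac": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host record."""
    minimum = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"  # unparsable output needs a manual look, not a pass
    # Tuples compare numerically per component; comparing the raw strings
    # would wrongly rank "127.0.6533.100" below "127.0.6533.88".
    return "patched" if version >= minimum else "vulnerable"

def triage(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        report[classify(platform, version_text)].append(host)
    return report

# Constructed sample inventory (host names and version strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 127.0.6533.89"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.72"),
    ("mb-01", "mac", "Google Chrome 127.0.6533.100"),
    ("lx-01", "linux", "Google Chrome 126.0.6478.182"),
    ("lx-02", "linux", "Google Chrome 128.0.6613.36"),
    ("kiosk-1", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` returned no parsable version and should be checked by hand rather than assumed patched.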