Google has announced a critical security update for its Chrome browser, addressing two significant vulnerabilities that could be exploited by attackers and pose serious risks to users. This update elevates the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac users, and 130.0.6723.91 for Linux. Additionally, the Extended Stable channel has been updated to version 130.0.6723.92 for Windows and Mac, with a rollout expected to continue over the coming days and weeks. As cyber threats continue to evolve, this proactive measure underscores the importance of maintaining robust security protocols in widely used platforms like Chrome.
The update addresses two specific vulnerabilities that pose substantial risks to users and their systems. The first vulnerability, identified as CVE-2024-10487, is an out-of-bounds write issue within the Dawn graphics system. If exploited, this flaw could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes. This vulnerability was reported by Apple Security Engineering and Architecture on October 23, 2024, revealing critical insights into the persistent challenges in web security and the need for immediate remediation. Exploiting such a vulnerability could allow malicious actors to take control of a user’s system, making it essential for users to apply the update promptly.
The second vulnerability, CVE-2024-10488, involves a use-after-free error within Chrome’s WebRTC (Web Real-Time Communication) component. This issue was reported by Cassidy Kim on October 18, 2024, and is particularly dangerous because it can allow attackers to execute arbitrary code or crash the browser by accessing memory that has already been freed. This type of vulnerability can lead to unauthorized access to sensitive user data, posing a severe threat to personal information and system integrity. The risk associated with these vulnerabilities cannot be overstated, as they may enable attackers to exploit the weaknesses in Chrome to compromise user security and privacy.
To mitigate these risks effectively, Google encourages users to update their Chrome browsers immediately. The update process can be initiated manually through the browser’s settings under “About Google Chrome,” where users can check for and install any available updates. Chrome also features an automatic update mechanism that regularly checks for updates and installs them in the background, ensuring that users are always running the latest and most secure version. Google’s commitment to collaborating with security researchers to identify and resolve these vulnerabilities demonstrates its proactive approach to enhancing browser security.