Ionut Arghire reports on Google’s release of Chrome 121 to the stable channel, focusing on addressing 17 vulnerabilities, 11 of which were reported by external researchers. The update includes fixes for three high-severity bugs, with rewards totaling over $30,000 distributed to the reporting researchers. Notably, the resolved issues cover a range of vulnerabilities, including use-after-free problems, inappropriate implementations, an integer underflow, and insufficient policy enforcement.
Chrome 121’s high-severity fixes encompass a use-after-free issue in WebAudio (CVE-2024-0807), an inappropriate implementation in Accessibility (CVE-2024-0812), and an integer underflow in WebUI (CVE-2024-0808). In addition to the high-severity bugs, the update addresses six medium-severity issues and two low-severity inappropriate implementation vulnerabilities. Google, however, keeps technical details restricted at this point, and there is no indication of these vulnerabilities being exploited in the wild.
The latest version of Chrome, 121.0.6167.85 for macOS and Linux and 121.0.6167.85/.86 for Windows, is now rolling out. This update follows Google’s quick response to the first Chrome zero-day of 2024, emphasizing the company’s commitment to addressing security vulnerabilities promptly.
