On September 3, 2024, Google announced the release of two significant updates for Chrome 128, aimed at addressing a total of six high-severity vulnerabilities identified by external researchers. The updates come in response to critical security flaws affecting both the V8 JavaScript engine and the Skia graphics library. The initial update, deployed last week, focused on four severe memory safety issues. These included two type confusion vulnerabilities and a heap buffer overflow within the V8 engine, along with a heap buffer overflow in the Skia graphics library.
The most recent update, released on Monday, further addressed four additional vulnerabilities. This includes a use-after-free error in WebAudio, which earned a $7,000 bug bounty, and an out-of-bounds write flaw in the V8 engine. The reward for the V8 vulnerability is still to be determined. The updates are now available in Chrome versions 128.0.6613.119/.120 for Windows and macOS, and version 128.0.6613.119 for Linux.
Google’s swift action underscores the urgency of maintaining updated software to protect against potential security threats. While there is no indication that these vulnerabilities have been exploited in the wild, the company’s proactive approach highlights the importance of applying updates promptly. Users are encouraged to ensure their browsers are updated to the latest versions to safeguard against these high-severity issues.
The release of these updates reflects Google’s ongoing commitment to enhancing browser security and addressing vulnerabilities that could impact user safety. As always, staying current with software updates is crucial in defending against evolving cyber threats and maintaining a secure digital environment.
Reference:
