Google has released a critical security update for Chrome, addressing four high-severity memory safety vulnerabilities reported by external researchers. These vulnerabilities, identified as CVE-2024-6290 to CVE-2024-6293, specifically impact the Dawn and Swiftshader components of the browser. Three of the issues were discovered by security researcher ‘wgslfuzz’ over the past month, earning a $10,000 bug bounty, while the fourth was reported by Cassidy Kim in November 2023, receiving a $4,000 reward.
The latest Chrome version, 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows, macOS, and Android, includes patches for these vulnerabilities. Although there have been no reported exploits in the wild, Google advises users to update their browsers promptly to safeguard against potential attacks. Use-after-free bugs, such as those addressed in this update, can lead to arbitrary code execution or denial-of-service attacks by exploiting memory allocation issues.
Google continues to enhance Chrome’s security measures against memory safety flaws, including the adoption of Rust, a memory-safe programming language. This proactive approach aims to strengthen Chrome’s defenses against vulnerabilities that could potentially compromise system integrity or facilitate sandbox escapes. Users are encouraged to stay vigilant and apply updates regularly to benefit from the latest security enhancements and protections offered by Chrome.
Reference:
