Google has issued a critical security update for its Chrome browser, addressing several high-severity vulnerabilities that could enable attackers to execute malicious code on users’ devices. Released on August 6, 2024, the update brings Chrome to version 127.0.6533.99/.100 on Windows and Mac and 127.0.6533.99 on Linux. Among the flaws, CVE-2024-7532 is rated critical: it is an out-of-bounds memory access issue in ANGLE, posing significant risks to users’ systems and privacy.
In total, the update resolves six vulnerabilities, including a use-after-free flaw in the Sharing feature and a heap buffer overflow in the Layout component. Malicious actors could exploit these vulnerabilities to gain unauthorized access, steal sensitive data, or disrupt systems. To avoid further exploitation, Google has chosen not to disclose detailed information about these flaws until the majority of users have updated their browsers.
Security researchers who reported these vulnerabilities have received significant bug bounties, with one researcher awarded $11,000 for identifying the Sharing vulnerability. Users are strongly urged to update their Chrome browsers immediately to safeguard against potential attacks; the episode highlights the critical importance of maintaining up-to-date software.
This incident underscores the ongoing need for prompt patching and vigilance in security practices as cyber threats continue to evolve. Keeping software current and recognizing the role of security researchers in identifying vulnerabilities are essential steps for ensuring online safety.