Google recently released version 128.0.6613 for Chrome’s Stable and Extended Stable channels, delivering crucial security updates for Windows, Mac, and Linux users. The rollout, planned to reach users over the next several days, brings heightened security to Chrome, addressing multiple vulnerabilities that could pose serious threats to user safety. This version exemplifies Google’s commitment to maintaining a secure browsing experience, even as new security challenges emerge.
Among the key fixes, Google addressed a high-severity “Use after free” vulnerability in WebAudio, identified as CVE-2024-8362. This type of flaw occurs when a program references memory after it has been freed, potentially allowing attackers to control that space. Specifically in WebAudio, if the code managing audio buffers mishandles an object’s lifecycle, it could lead to memory corruption or crashes. Such vulnerabilities are classified as high-severity because they may enable attackers to run malicious code in the same process space as Chrome, heightening the risk for users.
Another significant fix in this update covers an “Out of bounds write” vulnerability in Chrome’s V8 JavaScript engine, labeled CVE-2024-7970. This bug could allow attackers to manipulate memory beyond its intended boundaries, possibly resulting in arbitrary code execution. If exploited, it could enable attackers to install programs, alter data, or even create new user accounts with full privileges if the logged-in user has administrative rights. Google acknowledged Cassidy Kim for identifying these vulnerabilities and rewarded the research efforts that contributed to making Chrome safer.
In gratitude to the security community, Google continues to collaborate with external researchers who play an essential role in identifying and resolving vulnerabilities before they reach users. To protect Chrome users, Google restricts access to detailed bug information until the update reaches most users. This careful process ensures that potential attackers cannot exploit these bugs, reinforcing Chrome’s security across different operating systems and user bases worldwide.