Google has released security updates for its Chrome web browser that address multiple vulnerabilities. The most critical flaw, tracked as CVE-2024-4058, is a type confusion issue in the ANGLE graphics layer engine. This vulnerability could allow attackers to execute arbitrary code on a victim’s machine, posing a significant security threat to users.
The critical vulnerability CVE-2024-4058 was identified and reported by security researchers Toan (suto) Pham and Bao (zx) Pham from Qrious Secure, who were subsequently awarded a $16,000 bounty for their discovery. This discovery underlines the ongoing risks associated with complex software systems and the importance of continuous vigilance and updates in cybersecurity.
In addition to CVE-2024-4058, the Chrome update fixes other high-severity vulnerabilities. These include CVE-2024-4059, an out-of-bounds read in the V8 API, reported by a researcher named Eirik, and CVE-2024-4060, a use-after-free in Dawn, which is part of an open-source and cross-platform implementation of the WebGPU standard. These vulnerabilities were promptly addressed to prevent potential exploitation.
The updated versions of Chrome have been rolled out to the Stable channel as version 124.0.6367.78/.79 for Windows and Mac, with updates for Linux to follow. This swift action reflects Google’s commitment to securing its users against emerging threats and maintaining the integrity of its software through regular and proactive security patches.
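To check a fleet against the fixed build named above, the following added example (not code from Google or from this article) classifies hosts from a software inventory. The CSV layout, host names and status labels are assumptions made for illustration, and the inventory rows are constructed.

```python
import csv
import io
import re

# Fixed Stable build for Windows and Mac, as stated in the article (.78/.79).
FIXED_WIN_MAC = (124, 0, 6367, 78)

# Constructed sample inventory (host, platform, chrome_version); not real data.
SAMPLE_INVENTORY = """\
host,platform,chrome_version
ws-001,windows,124.0.6367.79
ws-002,windows,124.0.6367.61
mb-003,mac,123.0.6312.122
mb-004,mac,125.0.6422.60
lx-005,linux,124.0.6367.60
ws-006,windows,not-installed
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", re.ASCII)


def parse_version(text):
    """Return (MAJOR, MINOR, BUILD, PATCH) as ints, or None if malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Classify one host against the fixed build named in the article."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    if platform.strip().lower() in ("windows", "mac"):
        # Compare numerically: as strings, ".118" would sort below ".78".
        return "patched" if version >= FIXED_WIN_MAC else "needs-update"
    # The article lists no fixed Linux build ("to follow"), so do not guess one.
    return "no-fixed-build-listed"


def audit(inventory_csv):
    """Map each host in a CSV inventory to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["chrome_version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparseable` or `no-fixed-build-listed` need manual follow-up rather than being counted as patched.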