Sunday, November 17, 2024
HomeChromeGoogle Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Published on

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel.

The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks.

This release addresses 24 security vulnerabilities, enhancing the browser’s security and stability. This update includes numerous security fixes as part of Google’s commitment to user safety.

- Advertisement - SIEM as a Service

According to Google reports, external researchers were rewarded for contributing several of these fixes.

Access to bug details and links may be temporarily restricted until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

High Severity Vulnerabilities

  1. CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legends at QI-ANXIN Group, rewarded $11,000.
  2. CVE-2024-6989: Use after free in Loader, reported by Anonymous, rewarded $8,000.
  3. CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  4. CVE-2024-6992: Out-of-bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  5. CVE-2024-6993: Inappropriate implementation in Canvas, reported by Anonymous.

Medium Severity Vulnerabilities

  1. CVE-2024-6994: Huang Xilin of Ant Group Light-Year Security Lab reported heap buffer overflow in Layout, rewarded $8,000.
  2. CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  3. CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  4. CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  5. CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  6. CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  7. CVE-2024-7000: Use after free in CSS, reported by Anonymous, rewarded $500.
  8. CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

Low Severity Vulnerabilities

  1. CVE-2024-7003: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  2. CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing, reported by Anonymous.
  3. CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing, reported by Umar Farooq.

Google also acknowledged the efforts of security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

Many security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.

For users interested in switching release channels or reporting new issues, Google provides resources and a community help forum.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...