The Chrome team has officially announced the release of Chrome 129, which is now available on the stable channel for Windows, Mac, and Linux.
This update, which will be gradually rolled out over the coming days and weeks, addresses several security vulnerabilities and introduces various improvements. Users are encouraged to update their browsers to benefit from these enhancements.
Chrome 129.0.6668.58 for Linux and 129.0.6668.58/.59 for Windows and Mac includes nine security fixes, some of which were contributed by external researchers.
The details of these fixes will remain restricted until most users have updated their browsers to ensure security across all platforms.
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
The following table highlights some of the key security issues addressed in this release:
| Severity | CVE ID | Description | Reward | Date Reported |
| High | CVE-2024-8904 | Type Confusion in V8 | N/A | 2024-09-08 |
| Medium | CVE-2024-8905 | Inappropriate implementation in V8 | $8000 | 2024-08-15 |
| Medium | CVE-2024-8906 | Incorrect security UI in Downloads | $2000 | 2024-07-12 |
| Medium | CVE-2024-8907 | Insufficient data validation in Omnibox | $1000 | 2024-08-18 |
| Low | CVE-2024-8908 | Inappropriate implementation in Autofill | $1000 | 2024-04-26 |
| Low | CVE-2024-8909 | Inappropriate implementation in UI | $1000 | 2024-05-18 |
In addition to these externally reported issues, the Chrome team has implemented various internal security fixes through audits, fuzzing, and other initiatives.
The Chrome team continues prioritizing security by working with researchers and utilizing advanced tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL to detect vulnerabilities.
These efforts are part of an ongoing commitment to maintaining a secure browsing experience for all users.
Users interested in exploring different release channels or reporting new issues can find more information on the Chrome Security Page or participate in the community help forum.
As always, the Chrome team appreciates the contributions of security researchers worldwide who help prevent vulnerabilities from reaching the stable channel.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial
A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected…
GCHQ’s National Cyber Security Centre (NCSC), in collaboration with international and industry partners, has issued…
In today's digital era, organizations face an ever-growing threat landscape, with cyberattacks, data breaches, and…
Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability…
Microsoft has disclosed an active exploitation of a zero-day vulnerability in the Windows Common Log…
Elastic, the company behind Kibana, has released critical security updates to address a high-severity vulnerability…