Google has announced a significant security update for its Chrome browser, addressing 17 vulnerabilities in the latest build.
The update, which affects the Stable and Extended Stable channels, will roll out over the coming days and weeks for Windows, Mac, and Linux users.
The Stable channel has been updated to versions 130.0.6723.58/.59 for Windows and Mac and 130.0.6723.58 for Linux.
Meanwhile, the Extended Stable channel has been updated to version 130.0.6723.59 for Windows and Mac. These updates are part of Google’s ongoing efforts to enhance browser security and protect users from threats.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
In this update, Google has patched 17 security vulnerabilities, with several fixes contributed by external researchers.
The company has awarded $66,000 in rewards to those who reported these issues. The table below summarizes the key vulnerabilities patched:
| Severity | CVE ID | Description | Reward |
| High | CVE-2024-9954 | Use after free in AI | $36,000 |
| Medium | CVE-2024-9955 | Use after free in Web Authentication | $6,000 |
| Medium | CVE-2024-9956 | Inappropriate implementation in Web Auth | $6,000 |
| Medium | CVE-2024-9957 | Use after free in UI | $5,000 |
| Medium | CVE-2024-9958 | Inappropriate implementation in PictureInPicture | $5,000 |
| Medium | CVE-2024-9959 | Use after free in DevTools | $4,000 |
| Medium | CVE-2024-9960 | Use after free in Dawn | $2,000 |
| Medium | CVE-2024-9961 | Use after free in Parcel Tracking | $2,000 |
| Medium | CVE-2024-9962 | Inappropriate implementation in Permissions | $1,000 |
| Medium | CVE-2024-9963 | Insufficient data validation in Downloads | TBD |
| Low | CVE-2024-9964 | Inappropriate implementation in Payments | $3,000 |
| Low | CVE-2024-9965 | Insufficient data validation in DevTools | $1,000 |
| Low | CVE-2024-9966 | Inappropriate implementation in Navigations | $1,000 |
Google continues to emphasize its commitment to security through internal audits and collaborations with external researchers.
The company utilizes tools such as AddressSanitizer and MemorySanitizer to detect vulnerabilities proactively.
Access to detailed bug information remains restricted until most users have applied the update to ensure comprehensive protection.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…
SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…
The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…
Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…
CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…