Saturday, December 14, 2024
HomeChromeChrome Security Update: Patch for Critical Flaw that Leads to Exploitation

Chrome Security Update: Patch for Critical Flaw that Leads to Exploitation

Published on

SIEM as a Service

Google has rolled out a new security update for its Chrome browser, addressing several critical vulnerabilities.

The update on the Stable channel brings Chrome to version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux. The update will be distributed over the coming days and weeks.

Critical Vulnerabilities Addressed

According to Chrome reports, the latest update includes three significant security fixes, two classified as high severity and one as critical. External researchers identified and reported these vulnerabilities.

- Advertisement - SIEM as a Service
CVE IDSeverityDescriptionReporterDate Reported
CVE-2024-6990CriticalUninitialized Use in Dawngelatin dessert2024-07-15
CVE-2024-7255HighOut of bounds read in WebTransportMarten Richter2024-07-13
CVE-2024-7256HighInsufficient data validation in Dawngelatin dessert2024-07-23

How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide

Impact and Mitigation

The most severe of these vulnerabilities, CVE-2024-6990, involves an uninitialized use in Dawn, a graphics abstraction layer. This flaw could potentially allow attackers to execute arbitrary code on affected systems.

The other two vulnerabilities, CVE-2024-7255 and CVE-2024-7256, involve out-of-bounds reads in WebTransport and insufficient data validation in Dawn. If left unpatched, both could lead to similar exploitation scenarios.

Google has restricted access to detailed information about these bugs until most users have updated their browsers. This precaution prevents malicious actors from exploiting the vulnerabilities before users can protect themselves.

Google expressed gratitude to the security researchers who contributed to identifying these vulnerabilities. The company emphasized the importance of collaboration with the security community to enhance the safety and reliability of its products.

Users are encouraged to update their browsers promptly and report any new issues through the bug filing system or the community help forum.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...