Google has rolled out a new security update for its Chrome browser, addressing several critical vulnerabilities.
The update on the Stable channel brings Chrome to version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux. The update will be distributed over the coming days and weeks.
According to Chrome reports, the latest update includes three significant security fixes, two classified as high severity and one as critical. External researchers identified and reported these vulnerabilities.
| CVE ID | Severity | Description | Reporter | Date Reported |
| CVE-2024-6990 | Critical | Uninitialized Use in Dawn | gelatin dessert | 2024-07-15 |
| CVE-2024-7255 | High | Out of bounds read in WebTransport | Marten Richter | 2024-07-13 |
| CVE-2024-7256 | High | Insufficient data validation in Dawn | gelatin dessert | 2024-07-23 |
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
The most severe of these vulnerabilities, CVE-2024-6990, involves an uninitialized use in Dawn, a graphics abstraction layer. This flaw could potentially allow attackers to execute arbitrary code on affected systems.
The other two vulnerabilities, CVE-2024-7255 and CVE-2024-7256, involve out-of-bounds reads in WebTransport and insufficient data validation in Dawn. If left unpatched, both could lead to similar exploitation scenarios.
Google has restricted access to detailed information about these bugs until most users have updated their browsers. This precaution prevents malicious actors from exploiting the vulnerabilities before users can protect themselves.
Google expressed gratitude to the security researchers who contributed to identifying these vulnerabilities. The company emphasized the importance of collaboration with the security community to enhance the safety and reliability of its products.
Users are encouraged to update their browsers promptly and report any new issues through the bug filing system or the community help forum.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
The QSC Loader service DLL named "loader.dll" leverages two distinct methods to obtain the path…
Cybercriminals are exploiting the recent critical LDAP vulnerabilities (CVE-2024-49112 and CVE-2024-49113) by distributing fake proof-of-concept…
A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been…
Fraudsters in the Middle East are exploiting a vulnerability in the government services portal. By…
Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved…
CrowdStrike, a leader in cybersecurity, uncovered a sophisticated phishing campaign that leverages its recruitment branding…