Thursday, January 23, 2025
HomeChromeCritical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux.

This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming days and weeks.

Highlighted Security Fixes

The latest Chrome release includes fixes for five vulnerabilities, of which four were reported by external researchers.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Below is a detailed breakdown, including links to official CVE entries for further reading:

SeverityCVE IDDescription
HighCVE-2024-12693Type Confusion in V8
HighCVE-2024-12694Out of bounds memory access in V8
HighCVE-2024-12695Use after free in Compositing
HighCVE-2024-12695Out of bounds write in V8

In addition to addressing externally reported vulnerabilities, Google’s internal security teams have implemented various fixes stemming from audits, fuzzing, and other proactive initiatives.

These efforts are critical in preventing bugs from reaching the stable release channel. Tools such as AddressSanitizer, MemorySanitizer, and libFuzzer aid in detecting and resolving these issues early in the development cycle.

To protect users, bug details and CVE links are restricted until most users are updated. If a vulnerability involves a third-party library widely used across other projects, details may be withheld until those projects also issue fixes.

To ensure you are protected, update your Chrome browser to the latest version.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...