Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux.

This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming days and weeks.

Highlighted Security Fixes

The latest Chrome release includes fixes for five vulnerabilities, of which four were reported by external researchers.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Below is a detailed breakdown, including links to official CVE entries for further reading:

Severity	CVE ID	Description
High	CVE-2024-12693	Type Confusion in V8
High	CVE-2024-12694	Out of bounds memory access in V8
High	CVE-2024-12695	Use after free in Compositing
High	CVE-2024-12695	Out of bounds write in V8

In addition to addressing externally reported vulnerabilities, Google’s internal security teams have implemented various fixes stemming from audits, fuzzing, and other proactive initiatives.

These efforts are critical in preventing bugs from reaching the stable release channel. Tools such as AddressSanitizer, MemorySanitizer, and libFuzzer aid in detecting and resolving these issues early in the development cycle.

To protect users, bug details and CVE links are restricted until most users are updated. If a vulnerability involves a third-party library widely used across other projects, details may be withheld until those projects also issue fixes.

To ensure you are protected, update your Chrome browser to the latest version.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free