Saturday, September 7, 2024
HomeChromeChrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

Chrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

Published on

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux.

This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version 128.0.6613.120 is now available for Windows and Mac. The full list of changes is in the build log.

Security Fixes and Rewards

This latest update includes four critical security fixes, with two significant contributions from external researchers.

- Advertisement - EHA

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Notably, Cassidy Kim, a security researcher, identified two high-severity vulnerabilities:

  • CVE-2024-8362: A “use after free” vulnerability in WebAudio, reported on August 5, 2024, with a reward of $7,000.
  • CVE-2024-7970: An “out of bounds write” issue in V8, reported on August 9, 2024. The reward for this discovery is yet to be determined.

These vulnerabilities highlight the ongoing collaboration between Google and the security research community to enhance user safety.

Access to detailed bug information remains restricted until most users have received the update, minimizing potential exploits.

Internal Security Enhancements

Beyond external contributions, Google continues to invest in internal security measures. The update includes fixes from internal audits, fuzzing, and other security initiatives.

Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL are crucial in identifying and mitigating security bugs.

Google encourages users to participate in improving Chrome’s security and performance. Instructions on how to switch are available for users interested in exploring different release channels.

The community help forum is also available for reporting new issues and learning about common problems.

As always, Google extends its gratitude to all security researchers who contribute to making Chrome a safer browser for millions of users worldwide.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...