Monday, February 17, 2025
HomeChromeChrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

Chrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux.

This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version 128.0.6613.120 is now available for Windows and Mac. The full list of changes is in the build log.

Security Fixes and Rewards

This latest update includes four critical security fixes, with two significant contributions from external researchers.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Notably, Cassidy Kim, a security researcher, identified two high-severity vulnerabilities:

  • CVE-2024-8362: A “use after free” vulnerability in WebAudio, reported on August 5, 2024, with a reward of $7,000.
  • CVE-2024-7970: An “out of bounds write” issue in V8, reported on August 9, 2024. The reward for this discovery is yet to be determined.

These vulnerabilities highlight the ongoing collaboration between Google and the security research community to enhance user safety.

Access to detailed bug information remains restricted until most users have received the update, minimizing potential exploits.

Internal Security Enhancements

Beyond external contributions, Google continues to invest in internal security measures. The update includes fixes from internal audits, fuzzing, and other security initiatives.

Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL are crucial in identifying and mitigating security bugs.

Google encourages users to participate in improving Chrome’s security and performance. Instructions on how to switch are available for users interested in exploring different release channels.

The community help forum is also available for reporting new issues and learning about common problems.

As always, Google extends its gratitude to all security researchers who contribute to making Chrome a safer browser for millions of users worldwide.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Android’s New Security Feature Prevents Sensitive Setting Changes During Calls

Phone scams are becoming more sophisticated with advancements in AI-driven speech tools, making it...

Hackers Exploit Microsoft Teams Invites to Gain Unauthorized Access

The Microsoft Threat Intelligence Center (MSTIC) has uncovered an ongoing and sophisticated phishing campaign...

Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024

Meta's commitment to cybersecurity took center stage in 2024 as the tech giant awarded...

Google Chrome Introduces AI to Block Malicious Websites and Downloads

Google has taken a significant step in enhancing internet safety by integrating artificial intelligence...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Android’s New Security Feature Prevents Sensitive Setting Changes During Calls

Phone scams are becoming more sophisticated with advancements in AI-driven speech tools, making it...

Hackers Exploit Microsoft Teams Invites to Gain Unauthorized Access

The Microsoft Threat Intelligence Center (MSTIC) has uncovered an ongoing and sophisticated phishing campaign...

Meta’s Bug Bounty Initiative Pays $2.3 Million to Security Researchers in 2024

Meta's commitment to cybersecurity took center stage in 2024 as the tech giant awarded...