Chrome Vulnerability Let Attackers Execute Arbitrary Code Remotely

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux.

This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version 128.0.6613.120 is now available for Windows and Mac. The full list of changes is in the build log.

Security Fixes and Rewards

This latest update includes four critical security fixes, with two significant contributions from external researchers.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

Notably, Cassidy Kim, a security researcher, identified two high-severity vulnerabilities:

• CVE-2024-8362: A “use after free” vulnerability in WebAudio, reported on August 5, 2024, with a reward of $7,000.
• CVE-2024-7970: An “out of bounds write” issue in V8, reported on August 9, 2024. The reward for this discovery is yet to be determined.

These vulnerabilities highlight the ongoing collaboration between Google and the security research community to enhance user safety.

Access to detailed bug information remains restricted until most users have received the update, minimizing potential exploits.

Internal Security Enhancements

Beyond external contributions, Google continues to invest in internal security measures. The update includes fixes from internal audits, fuzzing, and other security initiatives.

Tools such as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL are crucial in identifying and mitigating security bugs.

Google encourages users to participate in improving Chrome’s security and performance. Instructions on how to switch are available for users interested in exploring different release channels.

The community help forum is also available for reporting new issues and learning about common problems.

As always, Google extends its gratitude to all security researchers who contribute to making Chrome a safer browser for millions of users worldwide.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial