Thursday, May 1, 2025
HomeChromeGoogle Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel.

The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks.

This release addresses 24 security vulnerabilities, enhancing the browser’s security and stability. This update includes numerous security fixes as part of Google’s commitment to user safety.

- Advertisement - Google News

According to Google reports, external researchers were rewarded for contributing several of these fixes.

Access to bug details and links may be temporarily restricted until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

High Severity Vulnerabilities

  1. CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legends at QI-ANXIN Group, rewarded $11,000.
  2. CVE-2024-6989: Use after free in Loader, reported by Anonymous, rewarded $8,000.
  3. CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  4. CVE-2024-6992: Out-of-bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  5. CVE-2024-6993: Inappropriate implementation in Canvas, reported by Anonymous.

Medium Severity Vulnerabilities

  1. CVE-2024-6994: Huang Xilin of Ant Group Light-Year Security Lab reported heap buffer overflow in Layout, rewarded $8,000.
  2. CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  3. CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  4. CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  5. CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  6. CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  7. CVE-2024-7000: Use after free in CSS, reported by Anonymous, rewarded $500.
  8. CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

Low Severity Vulnerabilities

  1. CVE-2024-7003: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  2. CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing, reported by Anonymous.
  3. CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing, reported by Umar Farooq.

Google also acknowledged the efforts of security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

Many security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.

For users interested in switching release channels or reporting new issues, Google provides resources and a community help forum.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security in 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Preparing for Quantum Cybersecurity Risks – CISO Insights

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief...

Securing Digital Transformation – CISO’s Resource Hub

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...