Saturday, December 14, 2024
HomeChromeGoogle Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Published on

SIEM as a Service

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel.

The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the coming days and weeks.

This release addresses 24 security vulnerabilities, enhancing the browser’s security and stability. This update includes numerous security fixes as part of Google’s commitment to user safety.

- Advertisement - SIEM as a Service

According to Google reports, external researchers were rewarded for contributing several of these fixes.

Access to bug details and links may be temporarily restricted until most users have updated their browsers. This precaution ensures that vulnerabilities are not exploited before users are protected.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

High Severity Vulnerabilities

  1. CVE-2024-6988: Use after free in Downloads, reported by lime(@limeSec_) from TIANGONG Team of Legends at QI-ANXIN Group, rewarded $11,000.
  2. CVE-2024-6989: Use after free in Loader, reported by Anonymous, rewarded $8,000.
  3. CVE-2024-6991: Use after free in Dawn, reported by wgslfuzz.
  4. CVE-2024-6992: Out-of-bounds memory access in ANGLE, reported by Xiantong Hou of Wuheng Lab and Pisanbao.
  5. CVE-2024-6993: Inappropriate implementation in Canvas, reported by Anonymous.

Medium Severity Vulnerabilities

  1. CVE-2024-6994: Huang Xilin of Ant Group Light-Year Security Lab reported heap buffer overflow in Layout, rewarded $8,000.
  2. CVE-2024-6995: Inappropriate implementation in Fullscreen, reported by Alesandro Ortiz, rewarded $6,000.
  3. CVE-2024-6996: Race in Frames, reported by Louis Jannett (Ruhr University Bochum), rewarded $5,000.
  4. CVE-2024-6997: Use after free in Tabs, reported by Sven Dysthe (@svn-dys), rewarded $3,000.
  5. CVE-2024-6998: Use after free in User Education, reported by Sven Dysthe (@svn-dys), rewarded $2,000.
  6. CVE-2024-6999: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  7. CVE-2024-7000: Use after free in CSS, reported by Anonymous, rewarded $500.
  8. CVE-2024-7001: Inappropriate implementation in HTML, reported by Jake Archibald.

Low Severity Vulnerabilities

  1. CVE-2024-7003: Inappropriate implementation in FedCM, reported by Alesandro Ortiz, rewarded $2,000.
  2. CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing, reported by Anonymous.
  3. CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing, reported by Umar Farooq.

Google also acknowledged the efforts of security researchers who collaborated during the development cycle to prevent security bugs from reaching the stable channel.

Many security bugs were detected using advanced tools such as AddressSanitizer, MemorySanitizer, and libFuzzer.

For users interested in switching release channels or reporting new issues, Google provides resources and a community help forum.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...