The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users.
Furthermore, the Extended Stable channel has been updated to 120.0.6099.200 for Windows and 120.0.6099.199 for Mac.
There are six security fixes in this release. Three of these flaws allowed an attacker to take control of a browser through use-after-free conditions.
Use-after-free is a condition in which the memory allocation is freed, but the program does not clear the pointer to that memory. This is due to incorrect usage of dynamic memory allocation during an operation.
Use after free in ANGLE in Google Chrome presents a high-severity vulnerability that might have led to a remote attacker compromising the renderer process and using a crafted HTML page to exploit heap corruption.
Google awarded $15,000 to Toan (suto) Pham of Qrious Secure for reporting this vulnerability.
This high-severity flaw was a heap buffer overflow in ANGLE that could have been exploited by a remote attacker using a crafted HTML page to cause heap corruption.
Toan (suto) Pham and Tri Dang of Qrious Secure received a $15,000 reward from Google for discovering this vulnerability.
A high-severity use after free in WebAudio in Google Chrome might potentially allow a remote attacker to exploit heap corruption through a manipulated HTML page.
Google awarded Huang Xilin of Ant Group Light-Year Security Lab a $10,000 reward for finding this issue.
A remote attacker may have been able to exploit heap corruption through a specifically designed HTML page due to high severity vulnerability in Google’s use after free in WebGPU.
The details about the reporter of this vulnerability were mentioned as anonymous.
The use after free conditions existed in Google Chrome before version 120.0.6099.199. To avoid exploiting these vulnerabilities, Google advises users to update to the most recent version of Google Chrome.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…