Google has issued another round of fixes for newly discovered security holes in Chrome for desktop and mobile, including a notably serious issue labelled “critical” in terms of risk.
“The Stable channel has been updated to 127.0.6533.88/89 for Windows, Mac and 127.0.6533.88 for Linux which will roll out over the coming days/weeks,” reads the latest entry on the Chrome Releases blog.
In a separate post, the web giant announced Chrome 127.0.6533.84 for Android, an updated version of the popular web browser for mobile users, adding it will become available on Google Play in a few days.
Both updates pack the same security fixes, as is generally the case with Chrome for desktop and Android (not so much Chrome for iOS, which typically enjoys more stability and security).
Like most maintenance updates, this release packs security fixes alongside the usual performance and stability improvements.
An “Uninitialized Use” issue in “Dawn”, Chrome’s WebGPU implementation, is tracked as CVE-2024-6990 and is said to be critical in terms of severity.
Issues labelled “critical” are those that, when exploited, typically cause severe damage, compromise sensitive information, or disrupt critical services.
Another Dawn bug, tracked as CVE-2024-7256, stems from insufficient data validation and is considered high-risk.
Finally, a WebTransport weakness tracked as CVE-2024-7255 is also considered to pose a high risk of exploitation and compromise.
Dawn is the implementation of the WebGPU standard in Chrome. While Dawn can produce errors for several reasons, the most common cause is validation errors – when a given descriptor, configuration, state, or action is not valid according to the WebGPU specification.
Google rarely assigns the “critical” tag to security flaws discovered by researchers, but it does so whenever the vulnerabilities addressed are serious enough to warrant this warning.
While there is no indication that hackers are actively exploiting these weaknesses, users are advised to update their Chrome browsers on Windows, Mac, Linux, and Android the first chance they get.
Bitdefender always recommends you deploy the latest security updates the moment they’re available – especially when the vulnerabilities addressed are critical or known to be exploited by threat actors in the wild.
Staying up to date greatly reduces the attack surface for hackers, as most maintenance updates include important security fixes. Unpatched flaws in Google Chrome have been known to lead to spyware infections in targeted attacks.
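For administrators who track browser versions across a fleet, the check below flags hosts still running a build older than the fixed versions quoted above. It is an added example, not code from Google or Bitdefender; the host names and inventory rows are constructed, and it assumes any build at or above the quoted one carries the fixes.

```python
import re

# Fixed builds as quoted on this page from the Chrome Releases blog.
FIXED_BUILDS = {
    "windows": (127, 0, 6533, 88),
    "mac": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
    "android": (127, 0, 6533, 84),
}

# Exactly four dot-separated numeric parts, not embedded in a longer number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory row."""
    fixed = FIXED_BUILDS.get(platform.strip().lower())
    version = parse_version(reported)
    if fixed is None or version is None:
        return "unknown"  # never assume an unparseable host is safe
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host to its status; rows are (host, platform, version text)."""
    return {host: classify(plat, reported) for host, plat, reported in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 127.0.6533.89"),
    ("mb-014", "Mac", "Google Chrome 127.0.6533.72"),
    ("lx-203", "Linux", "Google Chrome 127.0.6533.88 "),
    ("ph-310", "Android", "127.0.6533.84"),
    ("ph-311", "Android", "126.0.6478.186"),
    ("kiosk-7", "ChromeOS", "127.0.6533.88"),
    ("ws-003", "Windows", "version lookup failed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" (an unlisted platform or an unreadable version string) should be followed up manually rather than counted as patched.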
For peace of mind, consider using a dedicated security solution on your personal devices.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.