Google is addressing a grave security issue in Chrome, labeling the fix “critical” for people who use the popular web browser on Windows, Mac, and Android.
Chrome 124.0.6367.78/.79 for Windows, Chrome 124.0.6367.78 for Mac and Linux, and Chrome 124.0.6367.82 for Android are the latest versions of the popular Chrome web browser, now rolling out to desktop and mobile users worldwide.
At first glance, the release looks like most other routine updates for Chrome. But a closer look at the changelog reveals an important detail about this ‘maintenance’ update: it addresses four security flaws, one of them labeled “critical” by the web giant.
Tracked as CVE-2024-4058, this type confusion issue in Chrome’s graphics rendering module ANGLE is serious enough to warrant Google’s highest risk rating.
The company keeps the technical details under wraps to give users a chance to update before hackers reverse-engineer the patch and develop exploits.
Type confusion vulnerabilities are serious. Exploited properly, especially as part of an exploit chain, type confusion weaknesses can lead to remote code execution with little or no input from the unsuspecting victim, enabling a motivated attacker to run rampant on the target device, steal data, and even deploy malware.
Google awarded a $16,000 bug bounty to the two white hats who reported the bug, Toan (suto) Pham and Bao (zx) Pham, at the start of April.
In addition to this critical fix, the update addresses two more security bugs labeled “high” risk: an out-of-bounds read flaw in the V8 API, and a use-after-free issue in Dawn, the underlying implementation of WebGPU in the Chromium project.
Spyware actors have been targeting unpatched instances of Chrome in recent times, prompting Google to ramp up development of security patches for its user base, on both desktop and mobile platforms.
The Android implementation of Chrome typically receives the same fixes as its desktop counterpart, as is the case with this release.
Apple customers also get an updated version of Chrome for iPhone and iPad, which only contains the usual “stability and performance improvements,” remaining unaffected by the critical issue described above.
Bitdefender strongly recommends you deploy security fixes as soon as your vendor makes them available, especially when the issues addressed are labeled serious. For peace of mind, consider running a dedicated security solution on all your personal devices.
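To check a fleet against the fixed builds listed above, here is an added example (not from Google or from this article's author) that audits a device inventory. The `host,platform,version` line format, the host names and the sample versions are constructed assumptions.

```python
import re

# Lowest fixed build per platform, as listed in the article.
FIXED = {
    "windows": (124, 0, 6367, 78),
    "mac": (124, 0, 6367, 78),
    "linux": (124, 0, 6367, 78),
    "android": (124, 0, 6367, 82),
}
# Per the article, Chrome for iPhone/iPad is not affected by the critical issue.
NOT_AFFECTED = {"ios"}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return a four-part Chrome version as a tuple of ints, or None if malformed."""
    m = _VERSION.fullmatch(text.strip())
    return tuple(map(int, m.groups())) if m else None

def classify(platform, version_text):
    platform = platform.strip().lower()
    if platform in NOT_AFFECTED:
        return "not-affected"
    if platform not in FIXED:
        return "unknown-platform"
    version = parse_version(version_text)
    if version is None:
        return "unparseable-version"
    # Tuple comparison is numeric per component, so ...6367.9 sorts below ...6367.78.
    return "patched" if version >= FIXED[platform] else "needs-update"

def audit(inventory_lines):
    """Map each host in 'host,platform,version' lines to its patch status."""
    report = {}
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:
            report[fields[0]] = classify(fields[1], fields[2])
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "wks-01,windows,124.0.6367.79",
    "wks-02,windows,124.0.6367.9",
    "mbp-07,mac,123.0.6312.122",
    "pixel-3,android,124.0.6367.78",
    "build-5,linux,125.0.6422.60",
    "ipad-2,ios,124.0.6367.71",
    "kiosk-9,windows,124.0.6367",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparseable-version` or `unknown-platform` should be checked by hand, not assumed patched.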
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.