Google rolled out updated versions of its popular web browser this week, addressing two significant security vulnerabilities on both desktop and mobile devices.
“The Stable channel has been updated to 130.0.6723.91/.92 for Windows, Mac, and 130.0.6723.91 for Linux, and will roll out over the coming days/weeks,” reads the announcement on the Chrome Releases blog.
Updated versions of Chrome are also available for Android and iOS – versions 130.0.6723.86 and 130.0.6723.90, respectively. Android releases contain the same security fixes as their corresponding desktop releases unless otherwise noted. On iOS, the new version includes only routine “stability and performance improvements.”
Apart from Chrome for iOS, all other versions come equipped with two important security fixes – one labeled “critical” by Google.
Tracked as CVE-2024-10487, an out-of-bounds write flaw in Chrome’s Dawn component is serious enough to earn Google’s highest CVSS rating: “critical.”
Out-of-bounds write flaws allow modifications to app or system data, often where such changes should not be allowed. In this case, a motivated attacker wielding an exploit could cause anything from data corruption or program crashes to executing malware on the target device.
Google credits the Apple Security Engineering and Architecture (SEAR) team for reporting this flaw.
Historically, bugs reported between these two tech giants (i.e., by their respective security teams) have been leveraged by threat actors in targeted attacks, including infections with spyware like Pegasus or Predator.
The second issue, tracked as CVE-2024-10488 and rated high risk, is a “use-after-free” vulnerability in the browser’s real-time communications framework, WebRTC.
Reported by security researcher Cassidy Kim, this bug can cause a potentially exploitable crash in Chrome.
Google restricts access to technical details until most users have updated, which limits threat actors’ ability to exploit these weaknesses.
October is Cybersecurity Awareness Month, an international initiative to educate users about online safety and cybercrime.
Apple has also rolled out important maintenance updates across its entire product lineup this month, delivering not just new features and improvements, but also fixes for dozens of security vulnerabilities recently uncovered by researchers.
As always, Bitdefender recommends keeping your devices and software updated, especially when the security side of an update is serious enough to warrant ratings like “high risk,” “critical,” or “exploited in the wild.”
To update your desktop Chrome browser, simply visit the Settings menu, choose About Chrome, and let the app fetch its latest version from Google’s servers. When prompted, relaunch Chrome.
On iOS and Android, simply fetch the latest version of Chrome from your respective app store.
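For anyone responsible for more than one machine, the build numbers quoted above can be checked against an inventory. The Python below is an added example, not code from Google or Bitdefender: the host names and reported version strings are constructed, and the minimum builds are the ones given in this article (Chrome for iOS is left out because its update carries no security fixes).

```python
import re

# Minimum builds that carry the fixes for CVE-2024-10487 and CVE-2024-10488,
# as quoted in the article. iOS is absent: its release has no security fixes.
FIXED = {
    "windows": (130, 0, 6723, 91),
    "mac": (130, 0, 6723, 91),
    "linux": (130, 0, 6723, 91),
    "android": (130, 0, 6723, 86),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull a four-part Chrome version out of free text, or return None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None

def status(platform, reported):
    """Classify one install as patched, needs-update, unknown or not-covered."""
    minimum = FIXED.get(platform.strip().lower())
    if minimum is None:
        return "not-covered"
    version = parse_version(reported)
    if version is None:
        return "unknown"
    # Compare as integer tuples: as plain strings, "130.0.6723.100" would
    # wrongly sort below "130.0.6723.91".
    return "patched" if version >= minimum else "needs-update"

def audit(rows):
    """rows: iterable of (host, platform, reported version string)."""
    return [(host, status(platform, reported)) for host, platform, reported in rows]

# Constructed inventory; hosts and versions are illustrative, not real data.
INVENTORY = [
    ("ws-01", "Windows", "Google Chrome 130.0.6723.92"),
    ("ws-02", "Windows", "130.0.6723.70"),
    ("lx-01", "linux", "Google Chrome 130.0.6723.100"),
    ("ph-01", "android", "130.0.6723.86"),
    ("ph-02", "Android", "129.0.6668.100"),
    ("ip-01", "ios", "130.0.6723.90"),
    ("ws-03", "Windows", "n/a"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY):
        print(f"{host}: {result}")
```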
Consider using a dedicated security solution on all your personal devices for peace of mind.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.