Chrome Releases Stable Channel Update Addressing High Security Vulnerabilities
The Chrome development team has announced the rollout of a new Stable channel update—version 129.0.6668.89/.90 for Windows and Mac, and 129.0.6668.89 for Linux. This update is set to deploy over the coming days and weeks, bringing with it important security enhancements and fixes.
This latest release addresses four significant security vulnerabilities, three of which were identified and reported by external security researchers. While full details of these vulnerabilities remain restricted until the majority of users have updated, the highlights include:
- CVE-2024-7025: Integer Overflow in Layout
Reported by Tashita Software Security on September 18, 2024, this high-severity flaw pertains to an integer overflow issue within Chrome’s layout components. An exploit could potentially allow attackers to execute arbitrary code or cause a denial of service.
- CVE-2024-9369: Insufficient Data Validation in Mojo
Discovered by Xiantong Hou and Pisanbao of Wuheng Lab on September 19, 2024, this high-severity vulnerability involves inadequate data validation in Mojo, Chrome’s IPC library. This could be exploited to leak sensitive information or escalate privileges.
- CVE-2024-9370: Inappropriate Implementation in V8
Reported on September 19, 2024, by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte. Ltd., this high-severity issue affects V8, Chrome’s JavaScript engine. The flaw could lead to unexpected behavior, allowing malicious actors to manipulate web content or execute arbitrary code.
Chrome users are strongly encouraged to update their browsers to the latest version to benefit from these high-severity security patches. The update process is typically automatic, but users can manually check for updates by navigating to the “About Google Chrome” section in the browser settings.
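For administrators who need to confirm that the update has landed across many machines, the following Python code is an added example (not part of the original announcement and not Google tooling). It classifies reported Chrome version strings against the fixed build 129.0.6668.89 named above; the host names and version strings in the sample inventory are constructed, and the function names are hypothetical.

```python
import re

# Lowest fixed build named in the announcement: 129.0.6668.89 (Linux, and the
# lower of the two Windows/Mac builds), so one floor covers all three platforms.
FIXED_BUILD = (129, 0, 6668, 89)

# Four dot-separated numeric fields, not embedded in a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the version in text (e.g. 'Google Chrome 129.0.6668.70') as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'patched', 'outdated' or 'unknown' for one reported version string."""
    version = parse_chrome_version(text)
    if version is None:
        return "unknown"  # agent returned nothing usable: investigate, do not assume patched
    # Tuple comparison is numeric per field; comparing the raw strings would
    # wrongly rank 129.0.6668.100 below 129.0.6668.89.
    return "patched" if version >= FIXED_BUILD else "outdated"


def audit(inventory):
    """Group hosts by status. inventory is an iterable of (host, version string) pairs."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, raw in inventory:
        report[classify(raw)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (assumed output of running `chrome --version` per host).
SAMPLE_INVENTORY = [
    ("win-01", "Google Chrome 129.0.6668.90"),
    ("mac-02", "Google Chrome 129.0.6668.89"),
    ("lin-03", "Google Chrome 129.0.6668.70 "),
    ("lin-04", "Google Chrome 128.0.6613.137"),
    ("win-05", "Google Chrome 130.0.6723.58"),
    ("kiosk-06", ""),
    ("lin-07", "Google Chrome 129.0.6668.100"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```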