Google has released a security update for its Chrome web browser to mitigate a high-severity “type confusion” vulnerability (CVE-2024-12053) residing within the V8 JavaScript engine. This vulnerability has the potential to allow attackers to execute arbitrary code on users’ systems, compromising their security and privacy.
Type confusion vulnerabilities arise when a program incorrectly interprets the type of data it is processing. This can lead to unexpected program behavior and, in this instance, could allow malicious actors to bypass Chrome’s sandbox environment, gaining unauthorized access to the underlying operating system.
The vulnerability was identified by security researchers “gal1ium” and “chluo” on November 14th, 2024. Google promptly addressed the issue, releasing a patch in the latest Stable channel update (version 131.0.6778.108/.109 for Windows and Mac, and 131.0.6778.108 for Linux). This update is being progressively rolled out to users over the coming days and weeks.
In addition to addressing CVE-2024-12053, this update incorporates three other security fixes.
Users can update their Chrome browser by navigating to the “About Google Chrome” section within the browser’s settings menu. The browser will automatically check for and install the latest available version.
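To confirm across many machines that the fixed build has actually arrived, the following added example (not part of the original article) classifies collected version strings against the patched Stable build named above. It assumes version strings have already been gathered per host, for instance from `google-chrome --version` output; the host names and inventory lines are constructed.

```python
import re

# Lowest patched Stable build named in the article (Windows/Mac also ship .109).
FIXED_BUILD = (131, 0, 6778, 108)

# Matches the four-part version in e.g. `google-chrome --version` output.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the Chrome version in `text` as a 4-tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no version reported: needs manual follow-up
    # Tuples compare numerically per component, so 131.0.6778.85 sorts below
    # 131.0.6778.108 (a plain string comparison would get that wrong).
    return "patched" if version >= FIXED_BUILD else "needs_update"


def audit(inventory):
    """Map each host to its status; lines are 'host<TAB>reported version'."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition("\t")
        results[host.strip()] = classify(reported)
    return results


# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = """
win-01\tGoogle Chrome 131.0.6778.109
mac-02\tGoogle Chrome 131.0.6778.85
lnx-03\tGoogle Chrome 131.0.6778.108
lnx-04\tGoogle Chrome 130.0.6723.116
kiosk-05\tversion lookup failed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Because the update rolls out progressively, hosts reported as `needs_update` may simply not have received it yet; hosts reported as `unknown` did not return a parseable version and should be checked by hand.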