Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382

CVE-2024-12381 & CVE-2024-12382

Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux users over the coming days/weeks, brings Chrome to version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux.

This release prioritizes user security by incorporating fixes for vulnerabilities identified and reported by external researchers. Notably:

  • CVE-2024-12381: Type Confusion in V8: This vulnerability, discovered by security researcher Seunghyun Lee (@0x10n), resided within the V8 JavaScript engine. Type confusion flaws can allow attackers to execute arbitrary code, potentially compromising user systems. This fix mitigates the risk posed by this vulnerability.
  • CVE-2024-12382: Use After Free in Translate: Identified by lime(@limeSec_) from the TIANGONG Team of Legendsec at QI-ANXIN Group, this “use after free” vulnerability within Chrome’s Translate functionality could lead to program crashes or, in more severe scenarios, grant attackers control over the affected system.

Users are strongly encouraged to ensure their Chrome installations are updated to the latest version to benefit from these critical security enhancements. Chrome typically updates automatically, but users can also manually initiate an update by navigating to Help > About Google Chrome within the browser menu.

Related Posts: