Google Chrome Update Fixes Critical Code Execution Vulnerability (CVE-2024-7532)
Google has released a critical security update for its Chrome web browser on the Stable channel, addressing five vulnerabilities, one of which is rated as critical. The update, versions 127.0.6533.99/.100 for Windows and Mac, and 127.0.6533.99 for Linux, is being rolled out gradually over the coming days/weeks.
Critical Vulnerability and High-Severity Flaws
The most severe vulnerability, CVE-2024-7532, involves out-of-bounds memory access in ANGLE, a graphics rendering engine used by Chrome. This flaw could potentially allow attackers to execute arbitrary code on a user’s system.
The remaining four vulnerabilities are rated as high severity and affect various components of the browser, including the Sharing feature, V8 JavaScript engine, Layout component, and WebAudio API. They could enable attackers to take control of a user’s browser, crash the browser, or execute malicious code. The vulnerabilities addressed in this update include:
- Critical CVE-2024-7532: Out-of-bounds memory access in ANGLE, a 2D/3D graphics rendering engine used by Chrome. This vulnerability could potentially allow attackers to execute arbitrary code on a victim’s system.
- High CVE-2024-7533: Use-after-free vulnerability in Sharing, a Chrome feature that allows users to share content with others. This flaw could enable attackers to take control of a user’s browser.
- High CVE-2024-7550: Type confusion vulnerability in V8, Chrome’s JavaScript engine. This vulnerability could lead to arbitrary code execution.
- High CVE-2024-7534: Heap buffer overflow in Layout, a component responsible for rendering web pages. This flaw could be exploited to crash Chrome or execute malicious code.
- High CVE-2024-7535: Inappropriate implementation in V8. This vulnerability could potentially be used to bypass security measures.
- High CVE-2024-7536: Use-after-free vulnerability in WebAudio, a Chrome API for processing and playing audio. This flaw could enable attackers to execute arbitrary code.
Swift Action Recommended
While Google has stated that it is not currently aware of any active exploitation of these vulnerabilities, the company urges all users to update their Chrome browsers as soon as possible. These updates are essential to safeguard against potential attacks that could compromise user data, privacy, and system security.
To ensure your browser remains secure, it is crucial to apply updates as soon as they become available. Chrome typically handles updates automatically, but users can manually check for updates by navigating to “Help” > “About Google Chrome” in the browser menu.
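For administrators checking many machines rather than one browser, the following added example (not from Google or the original article) compares reported Chrome versions against the fixed build 127.0.6533.99 named above. It assumes each reading is either a bare version string or the "Google Chrome <version>" form printed by `google-chrome --version` on Linux; the host names and readings are constructed.

```python
import re

# Fixed build from the advisory: 127.0.6533.99 (Linux) and .99/.100 (Windows, Mac).
FIXED_BUILD = (127, 0, 6533, 99)

# Exactly four dot-separated numeric components, not part of a longer dotted run.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the four-part Chrome version in `text` as an int tuple, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text):
    """True if at or above the fixed build, False if older, None if unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would rank "127.0.6533.100" below "127.0.6533.99".
    return version >= FIXED_BUILD


def audit(inventory):
    """Split a {host: reading} mapping into (needs update, could not determine)."""
    vulnerable, unknown = [], []
    for host, reported in sorted(inventory.items()):
        status = is_patched(reported)
        if status is None:
            unknown.append(host)  # treat as unverified, not as safe
        elif not status:
            vulnerable.append(host)
    return vulnerable, unknown


# Constructed sample inventory (hypothetical host names and readings).
SAMPLE_INVENTORY = {
    "build-01": "Google Chrome 127.0.6533.88 ",
    "desk-14": "127.0.6533.100",
    "desk-22": "Google Chrome 127.0.6533.99",
    "kiosk-03": "Google Chrome 126.0.6478.182",
    "lab-07": "not installed",
    "lab-09": "128.0.6613.84",
}

if __name__ == "__main__":
    needs_update, undetermined = audit(SAMPLE_INVENTORY)
    print("needs update:", needs_update)
    print("could not determine:", undetermined)
```

Hosts whose version cannot be parsed are reported separately so they are followed up on instead of being counted as patched.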