Google Chrome Update Patches High-Risk Vulnerabilities

Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87), addressing seven security vulnerabilities, including four rated as “High” and one “Critical” flaw.

Critical Vulnerability and Large Payout

• CVE-2024-2883: Use after free in ANGLE: This critical flaw was discovered by Cassidy Kim (@cassidy6564) and earned them a $10,000 reward from Google. “Use-after-free” vulnerabilities can potentially allow attackers to execute malicious code on a compromised system.

Other Notable Fixes

• CVE-2024-2885: Use after free in Dawn: Reported by wgslfuzz.
• CVE-2024-2886: Use after free in WebCodecs: Discovered by Seunghyun Lee (@0x10n) of KAIST Hacking Lab.
• CVE-2024-2887: Type Confusion in WebAssembly: Discovered by Manfred Paul.
• Further details on these vulnerabilities are pending release to allow users time to update their browsers.

Pwn2Own Competition Contributions

The fixes for CVE-2024-2886 and CVE-2024-2887 were the result of discoveries made during the Pwn2Own 2024 competition, a prestigious event where security researchers demonstrate real-world exploits against popular software.

Update Immediately

Chrome users are strongly advised to update their browsers to the latest version to mitigate the risks posed by these vulnerabilities. This update reinforces the importance of regular software patches and the role of security researchers in keeping users safe.