High-Severity Vulnerabilities Fixed in Latest Chrome Release

CVE-2024-12692 & CVE-2024-12695

Google has released a crucial update for its Chrome browser, addressing five security vulnerabilities, several of which are rated as “High” severity. Users are strongly urged to update to the latest Stable channel version (131.0.6778.204/.205 for Windows and Mac, 131.0.6778.204 for Linux) as soon as possible.

This update tackles a range of issues, with a particular focus on the V8 JavaScript engine. Among the patched vulnerabilities:

  • CVE-2024-12692: Type Confusion in V8: This vulnerability, reported by security researcher Seunghyun Lee (@0x10n), could allow attackers to execute arbitrary code on a user’s system. Google has acknowledged the severity of this flaw with a $55,000 reward paid to the researcher.

  • CVE-2024-12693 & CVE-2024-12695: Out of bounds memory access and write in V8: Two separate vulnerabilities, both discovered by researcher 303f06e3, could lead to crashes or potentially allow attackers to manipulate memory. These flaws highlight the ongoing challenge of ensuring memory safety in complex software like browser engines.

  • CVE-2024-12694: Use after free in Compositing: This vulnerability, reported anonymously, involves the improper handling of memory after it has been freed, potentially leading to exploitable crashes or code execution.

While Google has not disclosed specific details about how these vulnerabilities could be exploited, the “High” severity rating indicates a significant risk to users. Attackers could potentially leverage these flaws through malicious websites or crafted web content, making it imperative for users to update their browsers promptly.

Google’s Chrome, being the most popular browser globally, is a prime target for attackers. Users should prioritize updating to the latest version to ensure their browsing experience remains safe and secure.
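
For administrators checking a fleet against the fixed Stable builds named above, the following is an added example, not part of Google's advisory or any Chrome tooling. It assumes an inventory of (host, platform, version) rows; the hosts and versions shown are constructed sample data.

```python
import re

# Lowest fixed Stable build named in the article (131.0.6778.204 on all platforms;
# .205 on Windows/Mac is also fixed and compares as newer).
FIXED_BUILD = (131, 0, 6778, 204)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text, fixed=FIXED_BUILD):
    """Compare numerically; a string compare would rank '.99' above '.204'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"          # unparseable data should be reviewed, not assumed safe
    return "patched" if version >= fixed else "needs_update"

def audit(inventory):
    """Return the rows that are not confirmed to be on a fixed build."""
    findings = []
    for host, platform, version_text in inventory:
        status = classify(version_text)
        if status != "patched":
            findings.append((host, platform, version_text, status))
    return findings

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "131.0.6778.205"),
    ("ws-002", "windows", "131.0.6778.99"),
    ("mb-010", "mac", "131.0.6778.204"),
    ("lx-020", "linux", "130.0.0.0"),
    ("lx-021", "linux", "not reported"),
    ("ws-003", "windows", "132.0.0.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```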
