Google has just released an urgent update for its Chrome browser, addressing two serious security vulnerabilities that could allow attackers to take control of users’ systems. The vulnerabilities, identified as CVE-2024-10487 and CVE-2024-10488, affect Chrome across Windows, Mac, and Linux platforms.
CVE-2024-10487, rated as Critical, involves an “out of bounds write” vulnerability in the Dawn graphics library. This type of flaw can allow attackers to corrupt memory and potentially execute malicious code on the user’s device. The vulnerability was reported by Apple Security Engineering and Architecture (SEAR) on October 23rd, highlighting the collaborative effort in cybersecurity across tech giants.
CVE-2024-10488, classified as High, is a “use after free” vulnerability in WebRTC, the technology powering real-time communication in Chrome. This vulnerability could enable attackers to access memory after it has been freed, leading to crashes or, in more severe cases, arbitrary code execution. Security researcher Cassidy Kim (@cassidy6564) is credited with discovering and reporting this vulnerability on October 18th.
The updates, versions 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux, are rolling out to users over the coming days and weeks. The Extended Stable channel has also been updated to 130.0.6723.92 for Windows and Mac.
Google urges all users to update their Chrome browsers as soon as possible to mitigate these security risks. To update, users can navigate to “Help” -> “About Google Chrome” within their browser. Chrome will automatically check for and install the latest updates.
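Where checking “About Google Chrome” on every machine is not practical, the same comparison can be scripted over a software inventory. The following is an added example, not code from Google or from the original article: the host names, inventory rows and the `parse_version`, `classify` and `audit` helpers are constructed for illustration, and only the fixed build numbers come from the article.

```python
import re

# Fixed builds as listed in the article, keyed by (platform, channel).
# Linux Extended Stable is absent because the article gives no build for it.
FIXED = {
    ("windows", "stable"): (130, 0, 6723, 91),
    ("mac", "stable"): (130, 0, 6723, 91),
    ("linux", "stable"): (130, 0, 6723, 91),
    ("windows", "extended"): (130, 0, 6723, 92),
    ("mac", "extended"): (130, 0, 6723, 92),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 130.0.6723.91'."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def classify(platform, channel, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one host."""
    fixed = FIXED.get((platform.lower(), channel.lower()))
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # no build listed for this channel, or unparsable version
    # Compare as integer tuples: as strings, '100' would sort before '91'.
    return "patched" if version >= fixed else "needs_update"


# Constructed inventory rows: (host, platform, channel, reported version string).
INVENTORY = [
    ("ws-01", "windows", "stable", "Google Chrome 130.0.6723.92"),
    ("ws-02", "windows", "extended", "Google Chrome 130.0.6723.91"),
    ("mb-01", "mac", "stable", "Google Chrome 130.0.6723.70"),
    ("mb-02", "mac", "stable", "Google Chrome 130.0.6723.100"),
    ("lx-01", "linux", "stable", "Google Chrome 130.0.6723.91"),
    ("lx-02", "linux", "extended", "Google Chrome 130.0.6723.91"),
    ("ws-03", "windows", "stable", "version unavailable"),
]


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(p, c, v) for host, p, c, v in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.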