Google has issued an urgent security update for its widely used Chrome browser, patching three vulnerabilities, one of which is rated “critical.” The vulnerabilities, tracked as CVE-2024-6990, CVE-2024-7255, and CVE-2024-7256, could allow attackers to exploit weaknesses in the browser and compromise user security.
The Critical Vulnerability
The most severe vulnerability, CVE-2024-6990, is an “uninitialized use” bug in the Dawn component of Chrome. This type of vulnerability can lead to unexpected behavior in the browser, opening the door to malicious code execution. Discovered by security researcher “gelatin dessert” on July 15th, this vulnerability could potentially have been exploited to install malware, steal sensitive data, or perform other harmful actions.
Additional High-Severity Vulnerabilities
In addition to the critical flaw, Google has also addressed two high-severity vulnerabilities. CVE-2024-7255 is an “out of bounds read” bug in the WebTransport component, reported by Marten Richter. This type of vulnerability can cause the browser to crash or become unstable, making it susceptible to further attacks. CVE-2024-7256, also discovered by “gelatin dessert,” is an “insufficient data validation” bug in Dawn, which could allow attackers to inject and execute malicious code.
Urgency for Update
Given the severity of these vulnerabilities, Google is urging all Chrome users to update their browsers as soon as possible. The updates, Chrome 127.0.6533.89 and 127.0.6533.88 for Windows and macOS and Chrome 127.0.6533.88 for Linux, will roll out gradually over the coming days and weeks. To update, go to Chrome’s “About” section and check for updates.
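For administrators who need to confirm the fix across many machines, the following is an added example (not from Google or the original article) that classifies hosts by comparing reported Chrome version strings against the fixed builds named above. The host names and inventory rows are constructed, and treating 127.0.6533.88 as the minimum patched build on every platform is an assumption based on the versions listed in this article.

```python
import re

# Fixed builds named in the article. Assumption: 127.0.6533.88 is treated as
# the minimum patched build on every platform, since the article lists .88
# (alongside .89) for Windows/macOS and .88 for Linux.
MIN_PATCHED = {
    "windows": (127, 0, 6533, 88),
    "macos": (127, 0, 6533, 88),
    "linux": (127, 0, 6533, 88),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    minimum = MIN_PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component, so build .9 sorts below .88
    # (a plain string comparison would get this wrong).
    return "patched" if version >= minimum else "vulnerable"


def audit(inventory):
    """inventory: iterable of (host, platform, version_text) rows."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 127.0.6533.89"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.73"),
    ("mac-01", "macos", "Google Chrome 127.0.6533.88"),
    ("lin-01", "linux", "Google Chrome 127.0.6533.9 "),
    ("lin-02", "linux", "Google Chrome 128.0.6613.84"),
    ("kiosk-1", "chromeos", "version string missing"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have either an unlisted platform or an unparseable version string and should be checked by hand rather than assumed safe.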