Chrome 126 Released With Patch For 21 Security Flaws

The Chrome team has released Chrome 126 to the Windows, Mac, and Linux stable channels. This update, which will roll out over the coming days and weeks, includes many fixes and improvements, with a focus on security.

Key Security Fixes

Chrome 126 addresses 21 security vulnerabilities, many of which have been reported by external researchers. Some of the notable fixes include:

  • CVE-2024-5830: Type Confusion in V8, reported by Man Yue Mo of GitHub Security Lab, with a reward of $25,000.
  • CVE-2024-5831: Use after free in Dawn, reported by wgslfuzz, with a reward of $10,000.
  • CVE-2024-5832: Another use after free in Dawn, also reported by wgslfuzz, with a reward of $10,000.
  • CVE-2024-5833: Type Confusion in V8, reported by @ginggilBesel, with a reward of $7,000.
  • CVE-2024-5834: Inappropriate implementation in Dawn, reported by gelatin dessert, with a reward of $5,000.
  • CVE-2024-5835: Heap buffer overflow in Tab Groups, reported by Weipeng Jiang (@Krace) of VRI, with a reward of $3,000.

Other vulnerabilities addressed include various use-after-free issues, heap buffer overflows, and inappropriate implementations across different browser components.

New Features and Improvements

In addition to security fixes, Chrome 126 introduces several new features and improvements:

  • Cross-document view transitions: This feature allows for smooth transitions between different documents of the same origin, enhancing the user experience without requiring a single-page application architecture.
  • Out-of-process iframe (OOPIF) PDF viewer: This new architecture simplifies adding new features to the PDF viewer and improves performance.
  • Memory Saver aggressiveness: Administrators can now configure how aggressively the Memory Saver feature deactivates unused tabs to free up memory.
  • Reactive prefetch on Desktop: This feature speeds up navigation by prefetching subresources during navigation based on predictions from a Google-owned service.

Enterprise and Developer Updates

For enterprise users and developers, Chrome 126 includes several updates:

  • App-bound encryption for cookies: Enhances cookie security by binding the encryption key to Chrome’s application identity, protecting against malware that might steal cookies.
  • Chrome extension telemetry integration with Chronicle: Collects and analyzes extension telemetry data to provide insights on risky activities.
  • Page-Embedded Permission Control: Introduces a new HTML element to improve the user experience of permission prompts.

The release of Chrome 126 underscores Google’s commitment to security and performance. Users are encouraged to update their browsers promptly to benefit from the latest fixes and enhancements.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.