Cyber Security

Chrome Security Update: Patch for Multiple Flaws that Leads to Remote Code Execution

Google has announced the release of Chrome 126, a critical security update that addresses 10 vulnerabilities, including 8 high-severity flaws reported by external researchers.

This update is now rolling out for Windows, macOS, and Linux users, with version numbers 126.0.6478.182/183 for Windows and macOS and 126.0.6478.182 for Linux.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

The security update focuses on resolving several memory-related issues that could potentially lead to sandbox escapes and remote code execution. The vulnerabilities fixed in this release include:

  1. Inappropriate implementation in V8 (CVE-2024-6772)
  2. Type confusion in V8 (CVE-2024-6773)
  3. Use-after-free bugs in Screen Capture (CVE-2024-6774)
  4. Use-after-free in Media Stream (CVE-2024-6775)
  5. Use-after-free in Audio (CVE-2024-6776)
  6. Use-after-free in Navigation (CVE-2024-6777)
  7. Race condition in DevTools (CVE-2024-6778)
  8. Out-of-bounds memory access in V8 (CVE-2024-6779)

While there are no reports of these vulnerabilities being exploited in the wild, users are strongly advised to update their browsers as soon as possible to mitigate potential risks.

The update process is automatic, but users can manually check for updates by navigating to Chrome’s settings and selecting “About Chrome.”

In addition to the desktop version, Google has also released Chrome 126.0.6478.186 for Android, which includes the same security patches as the desktop release.

This update underscores Google’s ongoing efforts to improve Chrome’s security and address potential vulnerabilities promptly.

Users are encouraged to keep their browsers up-to-date to ensure they have the latest security protections.

To update Chrome, users can go to the browser’s settings and click on “About Chrome,” and the browser can check for and install any available updates.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

TikTok Stopped Working for US Users, Removed from Apple & Google stores

TikTok, the popular video-sharing app, has been banned in the United States and removed from…

6 hours ago

MITRE Launches D3FEND 1.0 to Standardize Cybersecurity Techniques for Countering Threats

MITRE has officially released D3FEND™ 1.0, a groundbreaking cybersecurity ontology designed to standardize the vocabulary…

1 day ago

PoC Exploit Released for Palo Alto Expedition Tool OS Command Injection Vulnerability

A recently disclosed vulnerability in Palo Alto Networks' Expedition tool has raised significant security concerns,…

1 day ago

FlowerStorm “Phishing-as-a-Service” Attacking Microsoft Users With Fake Login Pages

FlowerStorm is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms. Phishing…

1 day ago

Hackers Abusing Microsoft VSCode Remote Tunnels To Bypass Security Tools

VSCode Remote Tunnels, a legitimate feature of the popular development environment, are increasingly being used…

1 day ago

AWS Patches Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has recently addressed two critical security vulnerabilities affecting its popular cloud-based…

2 days ago