Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability

Google has rolled out a critical security update for its Chrome browser, addressing significant vulnerabilities that attackers could exploit.

The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux.

Similarly, the Extended Stable channel has been updated to 130.0.6723.92 for Windows and Mac, with the rollout expected to be completed over the coming days and weeks.

Key Security Vulnerabilities Patched

This update is crucial as it addresses two major security vulnerabilities reported by external researchers:

Critical CVE-2024-10487: Out-of-Bounds Write in Dawn

One of the vulnerabilities, identified as CVE-2024-10487, involves an “out-of-bounds write” in the Dawn graphics system.

If exploited, this flaw could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes. Apple Security Engineering and Architecture (SEAR) reported the issue on October 23, 2024.

High CVE-2024-10488: Use After Free in WebRTC

The second vulnerability, CVE-2024-10488, is a “use after free” issue within Chrome’s WebRTC (Web Real-Time Communication) component.

Cassidy Kim reported this bug on October 18, 2024. A “use after free” vulnerability is particularly dangerous as it can lead to the execution of arbitrary code or cause a crash by accessing memory that has already been freed.

The out-of-bounds write vulnerability in Dawn is particularly severe because it can allow remote code execution, which attackers can leverage to gain control over affected systems.

The use-after-free vulnerability in WebRTC also poses a high risk as it could be exploited to manipulate browser memory, leading to potential data breaches or system crashes.

These vulnerabilities highlight the ongoing challenges in web security. Even widely used platforms like Chrome are not immune to critical flaws that require prompt attention and patching.

Google has proactively addressed these issues by collaborating with security researchers who identified these vulnerabilities during the development cycle.

This collaboration is part of Google’s broader strategy to enhance security measures and prevent such vulnerabilities from reaching the stable channel.

Users are strongly advised to update their Chrome browsers immediately to mitigate any potential risks associated with these vulnerabilities.

The update process can be initiated manually through Chrome’s settings under “About Google Chrome,” where users can check for updates and install them if available.

Chrome will automatically check for updates and install the latest version. You may be prompted to restart the browser to complete the update process.
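
A fleet check built on the version numbers above, as an added example that is not part of the original article: it flags hosts whose reported Chrome version is below 130.0.6723.91. The inventory format, host names and sample rows are constructed, and using .91 as the floor on every platform is an assumption of this example.

```python
import re

# Lowest patched build named in the article; applying it to every platform
# and channel is an assumption of this example.
PATCHED = (130, 0, 6723, 91)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

# Constructed inventory rows (host, platform, reported version); not real data.
SAMPLE_INVENTORY = """\
ws-001,windows,130.0.6723.92
ws-002,windows,130.0.6723.70
mac-007,mac,130.0.6723.91
lin-014,linux,129.0.6668.100
lin-015,linux,131.0.6778.10
kiosk-3,windows,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for a reported version."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # unparseable versions need manual follow-up
    # Compare as integer tuples: a string compare would rank ".100" below ".91".
    return "patched" if v >= PATCHED else "needs_update"

def audit(inventory_text):
    """Group hosts from 'host,platform,version' rows by patch status."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        parts = [f.strip() for f in line.split(",")]
        if len(parts) != 3:
            report["unknown"].append(line.strip())  # malformed row
            continue
        host, _platform, version = parts
        report[classify(version)].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in the unknown group should be checked by hand rather than assumed patched.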

This latest update underscores the importance of regular software updates as a critical component of cybersecurity hygiene. By staying updated, users can protect themselves from known vulnerabilities that malicious actors could otherwise exploit.

Guru Baran
