Chrome Security Update 23 Vulnerabilities

Google has announced a comprehensive update to the Chrome and Extended Stable channels.

The latest release, version 124.0.6367.60/.61 for Windows and Mac and version 124.0.6367.60 for Linux, addresses 23 security vulnerabilities.

This update underscores Google’s ongoing commitment to safeguarding users against the evolving landscape of cyber threats.

Version and Platform Details

The update has been rolled out for Chrome and Extended Stable channels.

The new version is 124.0.6367.60/.61 for Windows and Mac users, while Linux users will receive version 124.0.6367.60.

Google has indicated that the update will be deployed over the coming days and weeks, ensuring a broad and systematic reach to its global user base.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

Highlighted Security Fixes and Rewards

Google’s latest security update includes fixes for various high to low-severity vulnerabilities. Notably, the company has awarded a total of $38,000 in rewards to researchers who reported some of these vulnerabilities, highlighting the value of collaborative security research.

  • High Severity Fixes: Among the critical fixes are CVE-2024-3832, an object corruption vulnerability in V8, and CVE-2024-3833, another object corruption issue found in WebAssembly. Man Yue Mo of GitHub Security Lab and other researchers reported these vulnerabilities, and they were rewarded $20,000 and $10,000, respectively.
  • Medium Severity Fixes: The update also addresses several medium-severity issues, including CVE-2024-3838, an inappropriate implementation in Autofill, and CVE-2024-3839, an out-of-bounds read in Fonts. Ardyan Vicky Ramadhan and Ronald Crane (Zippenhop LLC) reported these, and each finding was rewarded $5,000.
  • Low Severity Fixes: On the lower end of the spectrum, CVE-2024-3846 and CVE-2024-3847 were identified as inappropriate implementation in Prompts and insufficient policy enforcement in WebUI, respectively. Ahmed ElMasry and Yan Zhu reported these issues and were rewarded $2,000 and $1,000, respectively.

In addition to the externally reported vulnerabilities, Google’s internal security team has been instrumental in identifying and rectifying a wide array of security bugs.

The team has contributed to the overall security enhancements in this update through rigorous internal audits, fuzzing, and other initiatives.

By addressing 23 vulnerabilities and collaborating closely with the security research community, Google provides a safer browsing experience for millions of users worldwide.

Users are encouraged to update their Chrome browser to the latest version to benefit from these security improvements.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.