Google has released a critical security update for its Chrome browser, addressing three high-severity vulnerabilities that could compromise user security.
The latest stable channel update, version 130.0.6723.69 for Linux and 130.0.6723.69/.70 for Windows and Mac, includes patches for these significant security flaws.
Among the patched vulnerabilities is CVE-2024-10229, a high-severity flaw in Chrome’s Extensions component that could allow attackers to bypass site isolation protections.
This vulnerability poses a significant risk as it could enable unauthorized access to sensitive data across different sites.
Two additional type confusion vulnerabilities in Chrome’s V8 engine, CVE-2024-10230 and CVE-2024-10231, were also patched.
According to the Chrome advisory, these flaws could lead to heap corruption and allow attackers to execute arbitrary code on affected systems when users visit maliciously crafted websites.
External security researchers discovered and reported the vulnerabilities. Vsevolod Kokorin from Solidlab identified the Extensions implementation flaw, while security researcher Seunghyun Lee (@0x10n) reported both V8 engine vulnerabilities.
The security update will automatically roll out to users over the coming days and weeks. However, given the severity of these vulnerabilities, users are strongly encouraged to manually update their browsers immediately. To update Chrome, users can:
Google temporarily restricts access to detailed vulnerability information until most users have updated their browsers to the latest version.
This practice helps protect users who haven’t yet received the update from potential exploitation of these security flaws.
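For teams that track browser versions across many machines, the following added example (not part of the original article or of Google's advisory) checks reported Chrome versions against the fixed build 130.0.6723.69 named above. The inventory format, host names and sample versions are constructed for illustration.

```python
import re

# Minimum fixed build named in the article (Linux .69, Windows/Mac .69/.70).
FIXED_BUILD = (130, 0, 6723, 69)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part Chrome version out of free text such as
    'Google Chrome 130.0.6723.58' and return it as a tuple of ints,
    or None when no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    # Tuples compare numerically, part by part. Comparing the raw strings
    # would wrongly rank build .116 below build .69.
    return "patched" if v >= FIXED_BUILD else "needs_update"


def audit(inventory_lines):
    """Group hosts by status. Each row is 'host,platform,version text'
    (an assumed format, not one produced by any particular tool)."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _platform, version_text = [f.strip() for f in line.split(",", 2)]
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory, for illustration only.
SAMPLE_INVENTORY = [
    "# host,platform,version",
    "lab-linux-01,linux,Google Chrome 130.0.6723.58",
    "lab-linux-02,linux,Google Chrome 130.0.6723.69",
    "desk-win-07,windows,130.0.6723.70",
    "desk-mac-03,mac,Google Chrome 129.0.6668.100",
    "desk-win-11,windows,130.0.6723.116",
    "kiosk-04,linux,chrome not found",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` should be checked by hand, since a missing version string says nothing about whether the update was applied.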