Google has released a major update for its Chrome browser, addressing three security vulnerabilities, including two high-severity memory safety flaws reported by external researchers.
The most notable flaw, CVE-2024-12381, is a type confusion vulnerability in the V8 JavaScript engine, which earned the researcher who discovered it a $55,000 reward. Google stated that this flaw could potentially be exploited for remote code execution (RCE), enabling attackers to gain unauthorized access to systems or steal sensitive user data.
Type confusion vulnerabilities often occur in programming languages lacking memory safety mechanisms, such as C and C++. These flaws arise when resources are accessed using incompatible data types, leading to serious logic errors.
Additionally, Google has patched another vulnerability, CVE-2024-12382, a use-after-free issue in Chrome’s Translate component. The reward for this vulnerability has yet to be disclosed.
The updates have been rolled out as versions 131.0.6778.139/.140 for Windows and macOS and 131.0.6778.139 for Linux. The Chrome Extended Stable Channel has also been updated to 130.0.6723.160.
While Google has not observed any active exploitation of these vulnerabilities in the wild, users are strongly advised to update their browsers promptly to safeguard their systems from potential risks.
Source: SecurityWeeks