Google has released a significant update for its Chrome browser, addressing multiple high-severity vulnerabilities that could potentially allow unauthorized memory access and other exploits.
The Stable channel has been updated to version 131.0.6778.204/.205 for Windows and macOS and 131.0.6778.204 for Linux, with the rollout expected to span the coming days and weeks.
The latest update includes five critical security fixes, many identified by external researchers. These vulnerabilities primarily impact Chrome’s V8 JavaScript engine and other components, posing risks such as memory corruption, unauthorized access, and potential exploitation through malicious web pages.
1. CVE-2024-12692: A Type Confusion issue in the V8 JavaScript engine, reported by Seunghyun Lee (@0x10n) on December 5, 2024. This vulnerability could lead to heap corruption via a crafted HTML page.
2. CVE-2024-12693: An Out-of-Bounds Memory Access in V8, reported by researcher “303f06e3” on December 4, 2024. This flaw could allow attackers to access restricted memory areas, posing significant security risks.
3. CVE-2024-12694: A Use After Free vulnerability in the Compositing component, reported anonymously on September 19, 2024. This issue can cause unexpected behavior or crashes by accessing memory after it has been freed.
4. CVE-2024-12695: Another critical Out-of-Bounds Write in V8, reported by “303f06e3” on December 12, 2024.
Google has withheld detailed information about these vulnerabilities to prevent exploitation until most users have updated their browsers.
In addition to external contributions, Google’s internal security teams have implemented numerous fixes identified through audits and advanced tools like AddressSanitizer and MemorySanitizer.
These efforts aim to proactively address potential vulnerabilities before they can be exploited.
Given the severity of these vulnerabilities, users are strongly advised to update their Chrome browsers immediately. Failure to do so could leave systems exposed to potential attacks that exploit these flaws.
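For teams that need to confirm the update across many machines, the following added example (not part of the original article or any Google tooling) classifies inventory records against the fixed build 131.0.6778.204 named above. The host names, platform labels and version strings are constructed sample data, and the record format is an assumption.

```python
import re

# Lowest patched Stable build per platform, as stated in the article.
FIXED = {
    "windows": (131, 0, 6778, 204),
    "macos": (131, 0, 6778, 204),
    "linux": (131, 0, 6778, 204),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, reported):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(reported)
    if fixed is None or version is None:
        return "unknown"  # never assume a host is safe when data is missing
    # Tuple comparison is numeric per component, unlike string comparison,
    # which would rank "131.0.6778.99" above "131.0.6778.204".
    return "patched" if version >= fixed else "vulnerable"


def audit(records):
    """Map each host to its status; records are (host, platform, reported)."""
    return {host: classify(plat, reported) for host, plat, reported in records}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "Windows", "131.0.6778.205"),
    ("ws-02", "Windows", "131.0.6778.140"),
    ("mac-01", "macOS", "Google Chrome 131.0.6778.204"),
    ("lnx-01", "Linux", "Google Chrome 131.0.6778.99 "),
    ("lnx-02", "Linux", "Google Chrome 132.0.6800.10"),
    ("kiosk-1", "ChromeOS", "131.0.6778.204"),
    ("ws-03", "Windows", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as "unknown" have either an unparseable version string or a platform the article gives no fixed build for, and should be checked by hand.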
To update Chrome:
Google expressed gratitude to all external researchers who contributed to identifying these vulnerabilities and emphasized its commitment to rewarding such efforts through its bug bounty program.
This update underscores the importance of keeping software up to date to mitigate risks associated with increasingly sophisticated cyber threats targeting widely used platforms like Chrome.