Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities

April 11, 2024 at 08:18AM

Google released a Chrome 123 security update addressing high-severity memory safety bugs. The vulnerabilities include an out-of-bounds write issue in Compositing and a heap buffer overflow in the ANGLE rendering engine. Each flaw was rewarded with a $10,000 or $21,000 bug bounty. There are no known malicious attacks exploiting these issues. Updates are rolling out for the Linux, Windows, and macOS versions. Google is actively combating memory safety bugs.

1. Google released a Chrome 123 security update addressing three high-severity memory safety bugs reported by external researchers.
2. The vulnerabilities include an out-of-bounds write issue in Compositing, a heap buffer overflow bug in the ANGLE rendering engine, and a use-after-free bug in Dawn.
3. Google paid out bug bounty rewards of $21,000 and $10,000 for the identified security flaws.
4. The latest Chrome update is rolling out as version 123.0.6312.122 for Linux, versions 123.0.6312.122/.123 for Windows, and versions 123.0.6312.122/.123/.124 for macOS.
5. Despite the known vulnerabilities, Google has not reported any instances of exploitation in malicious attacks.
6. Chrome has been actively working on improving memory safety with measures including transitioning to the Rust programming language and implementing runtime checks and sandboxes.
