Google Patches Sixth Exploited Chrome Zero-Day of 2024

August 22, 2024 at 06:21AM

Google has released Chrome 128, addressing 38 vulnerabilities, including 20 reported by external researchers. Seven high-severity flaws were identified, with one exploited in the wild as a zero-day (CVE-2024-7971). The update also resolves other high, medium, and low-severity bugs and includes bug bounty rewards totaling $95,000. Users are urged to update to version 128.0.6613.84/85.

Key takeaways:

– Google has released Chrome 128 to the stable channel, addressing 38 vulnerabilities, 20 of which were reported by external researchers, including seven high-severity bugs.

– One of the high-severity bugs, CVE-2024-7971, has been exploited in the wild as a zero-day. It was discovered and reported by Microsoft and is described as a type confusion in the V8 JavaScript engine.

– The update also resolves five other high-severity memory safety bugs, as well as nine medium-severity flaws and four low-severity inappropriate implementation defects.

– Google has awarded $95,000 in bug bounty rewards to the reporting researchers, with the highest payout of $36,000 going to an anonymous researcher who found a use-after-free bug in Passwords (CVE-2024-7964).

– This is the sixth Chrome zero-day exploited in attacks that Google has resolved this year.

– It is advised that users update their Chrome browsers to the latest version (128.0.6613.84 for Linux and 128.0.6613.84/.85 for macOS and Windows) as soon as possible.
