September 11, 2024 at 05:15AM
Google announced a new Chrome 128 update addressing five vulnerabilities, with four high-severity flaws reported by external researchers. The flaws include heap buffer overflow in Skia, use-after-free in Media Router, type confusion in V8 JavaScript engine, and use-after-free in Autofill. Google rewarded bug bounties for the first two security defects and urges users to update their browsers.
From the meeting notes, I have generated the following key takeaways:
1. Google announced a new Chrome 128 update addressing five vulnerabilities, including four reported by external researchers.
2. The vulnerabilities include high-severity memory safety issues such as heap buffer overflow, use-after-free security defects, type confusion, and use-after-free flaw.
3. Bug bounty rewards of $15,000 and $11,000 were granted for the first two security defects, with pending amounts for the last two.
4. The latest Chrome update is rolling out for Windows, macOS, and Linux, urging users to update their browsers as soon as possible.
5. Google has not reported any exploitation of these security defects in the wild.
6. This is the third Chrome 128 update released in as many weeks, with the previous two updates resolving eight vulnerabilities, including six reported by external researchers.
Let me know if there is anything else you would like to add or modify.