January 4, 2024 at 10:13AM
Google announced the first Chrome security update of 2024, resolving six vulnerabilities, including high-severity memory safety flaws reported by external researchers. Bug bounty rewards were handed out for some of the reported flaws. The update strengthens Chrome’s defenses against exploitation and is available for macOS, Linux, and Windows. No current exploitation of the patched vulnerabilities has been reported.
From the meeting notes, the key takeaways are:
– Google announced the first Chrome security update of 2024, fixing six vulnerabilities, with four reported by external researchers.
– The four externally reported security defects are high-severity memory safety flaws, with bug bounty rewards only allocated for three of them.
– The update addresses vulnerabilities such as use-after-free and heap buffer overflow in the graphics rendering engine ANGLE, as well as in Chrome’s WebAudio component and WebGPU.
– Use-after-free issues pose a risk of arbitrary code execution, data corruption, or denial-of-service, with potential to escape the browser’s sandbox.
– Google has been focusing on improving memory safety in Chrome and countering use-after-free vulnerabilities, but still faces documented high severity issues.
– The latest Chrome update is being rolled out as version 120.0.6099.199 for macOS and Linux, and as versions 120.0.6099.199/200 for Windows.
– Despite the patching, Google has not mentioned any of the vulnerabilities being exploited in the wild.