January 24, 2024 at 07:36AM
Google announced the release of Chrome 121, addressing 17 vulnerabilities, 11 of which were reported by external researchers. Three were rated as ‘high’ severity, earning bug bounty rewards totaling over $30,000. The update also resolved six medium-severity and two low-severity issues. The specific technical details of the resolved bugs were not disclosed.
Key points:
– Google has promoted Chrome 121 to the stable channel, addressing 17 vulnerabilities, 11 of which were reported by external researchers.
– Among the externally reported security defects, there are three with a severity rating of ‘high’, for which Google rewarded the researchers with bug bounties totaling over $30,000.
– The high-severity bugs addressed in Chrome 121 include a use-after-free issue in WebAudio (CVE-2024-0807), inappropriate implementation in Accessibility (CVE-2024-0812), and an integer underflow in WebUI (CVE-2024-0808).
– The update also resolves six medium-severity issues and two low-severity vulnerabilities.
– Google has rolled out Chrome 121 as version 121.0.6167.85 for macOS and Linux, and as versions 121.0.6167.85/.86 for Windows.
– No technical details on resolved bugs have been made public, and there is no indication of these vulnerabilities being exploited in the wild.
– Additionally, the update comes after Google rushed out patches for the first Chrome zero-day of 2024, an out-of-bounds memory access issue in the V8 JavaScript engine that could be exploited by remote attackers via crafted HTML pages.
– In 2023, Google addressed eight exploited Chrome zero-days, including vulnerabilities believed to have been exploited by commercial spyware vendors.