March 27, 2024 at 10:54AM
Google released a Chrome browser security update addressing seven vulnerabilities, with four reported by external researchers. The most severe is a use-after-free bug in ANGLE, resulting in a $10,000 bug bounty. Three other high-severity issues were noted, including two zero-day vulnerabilities exploited at the Pwn2Own Vancouver 2024 hacking contest. The update, version 123.0.6312.86/.87, is being rolled out for Windows, macOS, and Linux. Users are advised to update their browsers promptly.
Summary of Meeting Notes:
– Google released a Chrome browser security update to fix seven vulnerabilities, including four reported by external researchers.
– The most critical externally reported flaw is a use-after-free bug in ANGLE, tracked as CVE-2024-2883; the discoverer received a $10,000 bounty reward.
– Other high-severity vulnerabilities reported by external researchers include CVE-2024-2885 in Dawn and two zero-day vulnerabilities: CVE-2024-2886 in WebCodecs and CVE-2024-2887, a type confusion bug in WebAssembly. Both zero-days were demonstrated at the Pwn2Own Vancouver 2024 hacking contest.
– A security researcher earned rewards for exploiting Chrome vulnerabilities at the competition and won over $200,000 in total.
– Mozilla was first to release patches for zero-day vulnerabilities demonstrated at Pwn2Own.
– The latest Chrome update is version 123.0.6312.86/.87 for Windows and macOS, and version 123.0.6312.86 for Linux.
– Although there is no mention of these vulnerabilities being exploited in the wild, users are advised to update their browsers promptly.