May 22, 2024 at 06:30AM
Google announced the release of Chrome 125 update addressing six vulnerabilities, including four high-severity bugs reported by external researchers. The update resolves issues such as use-after-free flaw, type confusion bug in V8 JavaScript engine, and heap buffer overflow problems. Google has paid out bug bounty rewards ranging from $5,000 to $11,000 to the researchers who reported these issues.
Here are the key takeaways from the meeting notes:
1. Google announced the release of Chrome 125 update, addressing six vulnerabilities, including four high-severity bugs reported by external researchers.
2. The vulnerabilities include a use-after-free flaw in Scheduling (CVE-2024-5157) and a type confusion bug in the V8 JavaScript engine (CVE-2024-5158), as well as heap buffer overflow issues impacting the ANGLE graphics layer engine (CVE-2024-5159) and Dawn, Chrome’s implementation of the WebGPU standard (CVE-2024-5160).
3. Bug bounty rewards were issued to the researchers who reported the security defects, with amounts ranging from $5,000 to $11,000.
4. The latest Chrome release, version 125.0.6422.76 for Linux and versions 125.0.6422.76/.77 for Windows and macOS, is now being rolled out. Users are advised to update their browsers promptly.
5. Google stated that there is no evidence of these vulnerabilities being exploited in the wild, but users should still update their browsers as a precaution.
Let me know if there’s anything else you’d like me to include or clarify.