September 3, 2024 at 04:51AM
Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has been reported.
Key takeaways:
1. Two security updates for the Chrome browser were released over the past week, resolving a total of eight vulnerabilities, including six high-severity bugs reported by external researchers.
2. The Chrome 128 update from last week addressed four externally reported high-severity memory safety flaws, with three of the security defects relating to the browser’s V8 JavaScript engine and the remaining vulnerability associated with the Skia graphics library.
3. All four security defects were resolved in Chrome versions 128.0.6613.113/.114 for Windows and macOS and version 128.0.6613.113 for Linux, with bug bounty rewards yet to be determined.
4. A subsequent Chrome 128 update was announced on Monday, addressing four vulnerabilities, including two reported by external researchers. Notably, Google paid out a $7,000 reward for a use-after-free bug in WebAudio.
5. The Chrome 128.0.6613.119/.120 versions for Windows and macOS and version 128.0.6613.119 for Linux include the patches for all security issues.
6. Although Google did not report any exploitation of these vulnerabilities in the wild, the company’s fast release pace underscores the importance of promptly updating the browser.
These takeaways highlight the proactive approach taken by Google to address and resolve security vulnerabilities in the Chrome browser.