September 18, 2024 at 08:24AM
Google released Chrome 129 in the stable channel, addressing nine vulnerabilities, with the most severe being a type confusion bug in the V8 JavaScript engine. The update also resolves medium and low-severity vulnerabilities, with $13,000 in bug bounty payouts. Chrome 129 is now rolling out for Windows, macOS, and Linux, with no current reports of exploitation.
From the meeting notes, here are the key takeaways:
– Google released Chrome 129 in the stable channel with patches for nine vulnerabilities, including six reported by external researchers.
– The most severe vulnerability is a type confusion bug in the V8 JavaScript engine, and it could lead to crashes, remote code execution, and other types of attacks.
– Three medium-severity vulnerabilities related to inappropriate implementation in V8, incorrect security UI in Downloads, and insufficient data validation in Omnibox have been addressed in this update.
– Additionally, two low-severity inappropriate implementation flaws impacting Chrome’s Autofill and UI components have been resolved.
– Google has given out $13,000 in bug bounty payouts to researchers, with the highest reward going to Ganjiang Zhou of ChaMd5-H1 team.
– The latest Chrome version is rolling out for Windows, macOS, and Linux, and there is currently no indication that these vulnerabilities have been exploited in the wild.