Google Pays $55,000 for High-Severity Chrome Browser Bug

December 11, 2024 at 10:19AM Google has released a Chrome update addressing three vulnerabilities, including two high-severity memory safety bugs in the V8 JavaScript engine, one of which led to a $55,000 bug bounty. The update also fixes a use-after-free defect. No exploitation of these vulnerabilities has been confirmed yet. … Read more

Chrome 128 Update Resolves High-Severity Vulnerabilities

September 11, 2024 at 05:15AM Google announced a new Chrome 128 update addressing five vulnerabilities, with four high-severity flaws reported by external researchers. The flaws include a heap buffer overflow in Skia, a use-after-free in Media Router, a type confusion in the V8 JavaScript engine, and a use-after-free in Autofill. Google awarded bug bounties for the first two security defects … Read more

Google Chrome bug breaks drag and drop from Downloads bubble

August 2, 2024 at 04:54PM A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble, preventing users from dragging and dropping downloaded files onto websites or tabs. This issue, reported by BleepingComputer, affects versions 127.0.6533.73 and 126.0.6478.185 and is due to a new performance-enhancing feature. Google has created a fix to … Read more

Chrome 127 Improves Cookie Protection on Windows

July 31, 2024 at 09:08AM Google announced improved cookie protections in Chrome 127 for Windows, along with a security update resolving three vulnerabilities. The most serious defect is a critical-severity issue in the open source implementation of the WebGPU standard, and two high-severity bugs were also addressed. Google is rolling out the update and advises … Read more

Chrome 126 Update Patches Memory Safety Bugs

June 25, 2024 at 03:54AM Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. Three defects were reported by ‘wgslfuzz’ and the fourth by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 and Kim $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes … Read more

Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

June 19, 2024 at 07:21AM Google announced an update to Chrome 126 containing six security fixes, including four high-severity vulnerabilities reported by external researchers. The first bug, CVE-2024-6100, was reported by Seunghyun Lee at the TyphoonPWN 2024 hacking competition, earning a $20,000 bug bounty. The update also addresses other high-severity flaws and is now rolling … Read more

Google Discovers Fourth Zero-Day in Less Than a Month

May 24, 2024 at 11:42AM Google has addressed a critical high-severity security flaw, CVE-2024-5274, in its Chrome browser. The bug, a type confusion vulnerability in the V8 engine, poses threats such as code execution or access control bypasses. Two researchers, Clément Lecigne and Brendon Tiszka, reported the flaw. It marks Google’s fourth zero-day vulnerability this … Read more

Google Patches Fourth Chrome Zero-Day in Two Weeks

May 24, 2024 at 05:09AM Google has released a new Chrome update to fix a high-severity vulnerability, CVE-2024-5274, making it the fourth zero-day patched in two weeks. The exploit exists in the wild, and no bug bounty will be given for its discovery. Google urges users to update to the latest Chrome release, version 125.0.6422.112. … Read more

Dangerous Google Chrome Zero-Day Allows Sandbox Escape

May 14, 2024 at 12:39PM Google has released an emergency security update for Chrome to address a zero-day vulnerability with potential for data theft, malware implantation, and more. This is the second zero-day patched within a week and the sixth this year. The update includes a patch for a high-severity out-of-bounds write in the V8 … Read more

Exploited Chrome Zero-Day Patched by Google

May 10, 2024 at 08:45AM Google released a Chrome 124 update addressing a zero-day vulnerability tracked as CVE-2024-4671, a high-severity use-after-free bug in the Visuals component. The patch came just two days after the bug was reported by an anonymous researcher. No bug bounty information was provided. This is the second Chrome vulnerability of 2024 being … Read more