Google has released Chrome 128, a significant update that addresses multiple high-severity vulnerabilities that could potentially impact the security and integrity of the widely used web browser. This update is crucial for users to protect their systems against emerging threats.
Key Updates:
The Chrome 128 update includes fixes for 38 security vulnerabilities, several identified by external researchers as high-severity issues. One of the most critical vulnerabilities, CVE-2024-7971, is being actively exploited in the wild, making this update imperative for all users.
Notable High-Severity Fixes in Chrome 128:
CVE-2024-7964: Use-After-Free in Passwords
Severity: High
Reported by: Anonymous
Report Date: August 8, 2024
Details: This use-after-free vulnerability in the Passwords component poses a significant risk, allowing attackers to execute arbitrary code on a victim’s system.
CVE-2024-7965: Inappropriate Implementation in V8
Severity: High
Reported by: TheDog
Report Date: July 30, 2024
Details: This vulnerability resides in Chrome’s V8 JavaScript engine. It is being actively exploited, making it one of the critical vulnerabilities addressed in this update. The vulnerability has a CVSS score of 8.8, indicating its high severity. Google has confirmed that exploits for this vulnerability exist in the wild.
CVE-2024-7966: Out-of-Bounds Memory Access in Skia
Severity: High
Reported by: Renan Rios (@HyHy100)
Report Date: July 25, 2024
Details: This vulnerability involves out-of-bounds memory access in Skia, potentially allowing attackers to read or write sensitive data.
CVE-2024-7967: Heap Buffer Overflow in Fonts
Severity: High
Reported by: Tashita Software Security
Report Date: July 27, 2024
Details: A heap buffer overflow in the Fonts component could enable remote code execution, highlighting the urgency of applying this update.
CVE-2024-7971: Type Confusion in V8
Severity: High
Reported by: Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC)
Report Date: August 19, 2024
Details: This type confusion vulnerability in the V8 engine has been identified as being actively exploited in the wild, making it one of the most critical fixes in this release.
Actively Exploited Zero-Day Vulnerabilities Fixed This Year:
Google has been actively addressing zero-day vulnerabilities in Chrome, with CVE-2024-7965 and CVE-2024-7971 being the latest additions to the list of exploited vulnerabilities. Here’s a summary of the zero-days patched this year:
- CVE-2024-0519: High-severity out-of-bounds memory access in V8 JavaScript engine (January 2024).
- CVE-2024-2887: High-severity type confusion in WebAssembly (March 2024).
- CVE-2024-2886: High-severity use-after-free in WebCodecs (March 2024).
- CVE-2024-3159: High-severity out-of-bounds read in V8 JavaScript engine (March 2024).
- CVE-2024-4671: High-severity use-after-free in Visuals (May 2024).
- CVE-2024-4761: High-severity out-of-bounds write in V8 JavaScript engine (May 2024).
- CVE-2024-4947: High-severity type confusion in V8 JavaScript engine (May 2024).
- CVE-2024-5274: High-severity type confusion in V8 JavaScript engine (May 2024).
Importance of Upgrading to Chrome 128:
Google has not disclosed detailed technical information about these vulnerabilities to prevent exploitation by malicious actors. However, the presence of in-the-wild exploits for CVE-2024-7971 and CVE-2024-7965 underscores the importance of this update. We strongly recommend that users update their browsers to the latest version to ensure protection against these vulnerabilities.
The Chrome 128 security update is available as version 128.0.6613.84 for Linux and version 128.0.6613.84/85 for Windows and macOS. Users should update their browsers promptly to benefit from these essential security enhancements.
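To check a fleet against the fixed builds listed above, the following added example (not part of the original article or any vendor tool) classifies hosts from an inventory of reported version strings. The inventory format, hostnames and sample versions are constructed, and the version strings are assumed to look like the output of `google-chrome --version`.

```python
import re

# Fixed builds named in the article: 128.0.6613.84 (Linux) and
# 128.0.6613.84/85 (Windows, macOS). The lower bound is the same everywhere.
FIXED = {"linux": (128, 0, 6613, 84),
         "windows": (128, 0, 6613, 84),
         "macos": (128, 0, 6613, 84)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract the four-part Chrome version from a string such as
    'Google Chrome 128.0.6613.84'; return None if none is present."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    baseline = FIXED.get(os_name.lower())
    version = parse_version(version_text)
    if baseline is None or version is None:
        return "unknown"   # cannot prove the host is patched: review by hand
    # Tuple comparison is numeric per component, so 128.0.6613.9 < 128.0.6613.84
    return "patched" if version >= baseline else "vulnerable"

def audit(inventory):
    """Map each hostname to its status."""
    return {host: classify(os_name, ver) for host, os_name, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 128.0.6613.85"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.120"),
    ("mac-01", "macos", "Google Chrome 128.0.6613.84"),
    ("lnx-01", "linux", "Google Chrome 128.0.6613.9"),
    ("lnx-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are not confirmed safe; they need a manual check because no version could be read or the OS has no baseline in the table.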
Conclusion:
The Chrome 128 update is vital for maintaining the browser’s security and stability by addressing multiple high-severity vulnerabilities, including one actively exploited in the wild. Regular updates and timely application of security patches are crucial for safeguarding digital environments against evolving threats.
Simplify Patch Management with SanerNow
Stuck with multiple tools to try and patch the Google update? Simplify patching with SanerNow. It's an integrated vulnerability and patch management solution built to speed up, automate and achieve comprehensive patching.
SanerNow supports all major OSs such as Windows, macOS and Linux along with 550+ third-party applications. Experience the power of CVEM by scheduling a demo now.