Google recently announced the release of Chrome version 124, accompanied by crucial security patches addressing four vulnerabilities, including one deemed critical. This update, which is gradually rolling out to users across Windows, Mac, and Linux platforms over the upcoming days and weeks, marks an essential step in fortifying the browser's defenses.
The critical vulnerability, identified as CVE-2024-4058, has been categorized as a type confusion bug within the ANGLE graphics layer engine. This flaw, tagged with a 'critical' severity rating, carries the potential for remote exploitation, enabling threat actors to execute arbitrary code or perform sandbox escapes with limited user interaction. Notably, such 'critical' designations are relatively rare for Chrome vulnerabilities, underscoring the significance of this patch.
Google acknowledged the contribution of external researchers in identifying and reporting critical issues. Specifically, two researchers from Qrious Secure were granted a $16,000 reward for disclosing CVE-2024-4058. Qrious Secure, a group of experienced security enthusiasts, has a track record of discovering vulnerabilities and collaborating with Google to enhance Chrome's security posture.
In addition to the critical fix, the Chrome 124 update addresses two high-severity vulnerabilities: CVE-2024-4059, an out-of-bounds read in the V8 API, and CVE-2024-4060, a use-after-free vulnerability in the Dawn component. The rewards for these findings are yet to be determined.
Google's ongoing commitment to security is evidenced by its continuous internal auditing processes, fuzzing techniques, and collaborations with security researchers. Various tools like AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL play crucial roles in detecting and mitigating security risks before they reach the stable channel.
Despite the seriousness of these vulnerabilities, Google has not reported any instances of CVE-2024-4058 being exploited in the wild. However, it's worth noting that type confusion bugs, while not uncommon, are typically associated with the V8 JavaScript engine rather than the ANGLE graphics layer engine addressed in this update.
For Chrome users interested in the latest security enhancements and feature updates, Google guides switching release channels and encourages the community to report any new issues through bug filings or seek assistance in the community help forum.
The Chrome 124 update reflects Google's ongoing dedication to safeguarding user experiences and maintaining a secure browsing environment.
In our blog, we post technology-related articles weekly. Follow us on Facebook and Instagram to get notifications about updates.
