Google released a Chrome update fixing critical vulnerabilities that could allow arbitrary code execution. Version 129.0.6668.89/.90 is now available for Windows, Mac, and Linux.
All about the Chrome vulnerabilities
Three of the four security fixes in this update were reported by external researchers, highlighting collaboration’s role in browser security. The most severe vulnerabilities include:
- Integer Overflow in Layout (CVE-2024-7025): Could allow arbitrary code execution or denial of service.
- Insufficient Data Validation in Mojo (CVE-2024-9369): May lead to sensitive data leaks or privilege escalation.
- Inappropriate Implementation in V8 (CVE-2024-9370): Allows code execution or web content manipulation.
Google’s Chrome Vulnerability Rewards Program (VRP), active for 14 years, plays a key role in finding and fixing security flaws. The program offers up to $250,000 for reporting critical vulnerabilities.
Recently, Google increased rewards to encourage deeper research. For example, discovering a Remote Code Execution (RCE) flaw could earn up to $250,000, while finding a controlled write bug could bring in up to $90,000.
Chrome users should update their browsers right away to stay protected from these security risks. Although updates usually happen automatically, users can check for updates manually by going to the “About Google Chrome” section in settings.
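For administrators who need to check more than one machine, the version check above can be scripted. This is an added example, not code from Google or the original article: the host names, the inventory format and the function names are assumptions, and 129.0.6668.89 is used as the minimum fixed build because the article does not say which platform receives .89 and which .90.

```python
import re

# Fixed build named in the article. Assumption: the lower of the two builds
# (.89) is treated as the minimum patched version on every platform.
FIXED_BUILD = (129, 0, 6668, 89)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from text such as `--version` output."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(text, fixed=FIXED_BUILD):
    """Return True or False for a parsed version, None when none is found."""
    version = parse_version(text)
    if version is None:
        return None
    # Tuples compare numerically per component, so .100 sorts after .89.
    # A plain string comparison would rank "100" before "89" and misreport it.
    return version >= fixed


def audit(inventory):
    """Map each host to 'patched', 'needs update' or 'unknown'."""
    labels = {True: "patched", False: "needs update", None: "unknown"}
    return {host: labels[is_patched(text)] for host, text in inventory.items()}


# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 129.0.6668.70",
    "ws-02": "Google Chrome 129.0.6668.89",
    "ws-03": "Google Chrome 129.0.6668.100",
    "ws-04": "Google Chrome 128.0.6613.138",
    "ws-05": "chrome not found",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than assumed safe.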