Summary: The Chrome development team has released a new Stable channel update, version 129.0.6668.89/.90, for Windows, Mac, and Linux, which includes important security enhancements and fixes. This update addresses four significant vulnerabilities, three of which were reported by external researchers, urging users to update their browsers promptly.
Threat Actor: N/A | N/A
Victim: Google Chrome Users | Google Chrome
Key Point :
- Version 129.0.6668.89/.90 includes critical security patches for vulnerabilities identified by external researchers.
- CVE-2024-7025: High-severity integer overflow issue in Chrome’s layout components.
- CVE-2024-9369: High-severity insufficient data validation vulnerability in Mojo, Chrome’s IPC library.
- CVE-2024-9370: High-severity inappropriate implementation in V8, Chrome’s JavaScript engine.
- Users are encouraged to update their browsers to benefit from these security enhancements.
The Chrome development team has announced the rollout of a new Stable channel update—version 129.0.6668.89/.90 for Windows and Mac, and 129.0.6668.89 for Linux. This update is set to deploy over the coming days and weeks, bringing with it important security enhancements and fixes.
This latest release addresses four significant security vulnerabilities, three of which were identified and reported by external security researchers. While full details of these vulnerabilities remain restricted until the majority of users have updated, the highlights include:
- CVE-2024-7025: Integer Overflow in Layout
Reported by Tashita Software Security on September 18, 2024, this high-severity flaw pertains to an integer overflow issue within Chrome’s layout components. An exploit could potentially allow attackers to execute arbitrary code or cause a denial of service.
- CVE-2024-9369: Insufficient Data Validation in Mojo
- CVE-2024-9370: Inappropriate Implementation in V8
Reported on September 19, 2024, by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte. Ltd., this high-severity issue affects V8, Chrome’s JavaScript engine. The flaw could lead to unexpected behavior, allowing malicious actors to manipulate web content or execute arbitrary code.
Discovered by Xiantong Hou and Pisanbao of Wuheng Lab on September 19, 2024, this high-severity vulnerability involves inadequate data validation in Mojo, Chrome’s IPC library. This could be exploited to leak sensitive information or escalate privileges.
Chrome users are strongly encouraged to update their browsers to the latest version to benefit from these critical security patches. The update process is typically automatic, but users can manually check for updates by navigating to the “About Google Chrome” section in the browser settings.