Google Chrome Gets Patches for Two High-Severity Vulnerabilities


### #ChromeUpdate #V8Engine #SecurityEnhancements

Summary: Google has released a new stable update for its Chrome browser, addressing multiple security vulnerabilities, including two classified as “High” severity. Users are urged to update their installations to benefit from these critical security fixes.

Threat Actor: N/A | N/A
Victim: Google Chrome Users | Google Chrome

Key Points:

  • Chrome version 131.0.6778.139/.140 addresses vulnerabilities reported by external researchers.
  • CVE-2024-12381 involves a Type Confusion flaw in the V8 JavaScript engine, allowing potential arbitrary code execution.
  • CVE-2024-12382 is a “Use After Free” vulnerability in Chrome’s Translate feature, which could lead to crashes or system control by attackers.
  • Users should ensure their Chrome installations are updated automatically or manually for enhanced security.

Google has announced its Chrome browser’s latest stable channel update, addressing several security vulnerabilities, including two classified as “High” severity. The update, rolling out progressively to Windows, Mac, and Linux users over the coming days/weeks, brings Chrome to version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux.

This release prioritizes user security by incorporating fixes for vulnerabilities identified and reported by external researchers. Notably:

  • CVE-2024-12381: Type Confusion in V8: This vulnerability, discovered by security researcher Seunghyun Lee (@0x10n), resided within the V8 JavaScript engine. Type confusion flaws can allow attackers to execute arbitrary code, potentially compromising user systems. This fix mitigates the risk posed by this vulnerability.
  • CVE-2024-12382: Use After Free in Translate: Identified by lime (@limeSec_) from the TIANGONG Team of Legendsec at QI-ANXIN Group, this “use after free” vulnerability within Chrome’s Translate functionality could lead to program crashes or, in more severe scenarios, grant attackers control over the affected system.

Users are strongly encouraged to ensure their Chrome installations are updated to the latest version to benefit from these critical security enhancements. Chrome typically updates automatically, but users can also manually initiate an update by navigating to Help > About Google Chrome within the browser menu.
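
For administrators checking more than one machine, the sketch below audits collected version strings against the fixed build named above. It is an added example, not part of the original article or any Google tooling; the hostnames and sample strings are constructed, and it assumes each host reports a string containing a four-part version, such as the output of `google-chrome --version` on Linux.

```python
import re

# Fixed build stated in the article for Windows, Mac and Linux
# (Windows and Mac may also report .140, which compares as newer).
FIXED = (131, 0, 6778, 139)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text, fixed=FIXED):
    """Classify one reported version string against the fixed build."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # no usable version: follow up by hand
    # Compare as integer tuples. Comparing the raw strings would rank
    # "...6778.99" above "...6778.139" and hide an unpatched host.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """Map each host name to 'patched', 'vulnerable' or 'unknown'."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory: hostnames and outputs are made up.
SAMPLE = {
    "win-01": "Google Chrome 131.0.6778.140",
    "mac-02": "Google Chrome 131.0.6778.109",
    "lin-03": "Google Chrome 131.0.6778.139 ",
    "lin-04": "Google Chrome 131.0.6778.99",
    "kiosk-05": "chrome: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` returned no usable version string and need a manual check rather than being counted as patched.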

Source: https://securityonline.info/google-chrome-patches-high-severity-vulnerabilities-cve-2024-12381-cve-2024-12382