Jump to content

Recommended Posts

Posted (edited)

portatil-google-chrome.jpg

 

The Chrome web browser has the most significant market share of them all, with 3.45 billion users, so it’s not surprising that many eyes are on the code looking for security flaws. Google has just released version 129 of Chrome, fixing nine security vulnerabilities, and users are urged to update as soon as possible. Here’s what you need to know.

 
 

What’s New In Google Chrome ?

A stable channel update posting for desktop users of the Chrome web browser has announced a new version containing “a number of fixes and improvements.” You can read about Chrome developments here, and the new features of Chrome 129 are highlighted here. However, as a security guy I’m not overly interested in those for now: what I want to explain are the vulnerabilities that have been fixed and how to ensure the newly protected version of the browser is installed and activated on your device.

 

Chrome Security Vulnerabilities Fixed In Version 129

Google has highlighted six vulnerabilities, with one rated as high-severity. This latest security update takes the application to version 129.0.6668.58 or 129.0.6668.59 for Windows and Mac users, and version 129.0.6668.58 for those with Linux installed.

 

As always, this update will roll out across the coming days and weeks, so it is advised that you kickstart the process yourself to ensure that you are protected from the threats that Google has identified.

 
 

Google is withholding the full technical details of the security vulnerabilities that are fixed in this update until such a time as the majority of Chrome users have had the opportunity to update the software.

 

The high-severity security vulnerability, which is not flagged as already being exploited by attackers in the wild as of yet, is as follows:

 

  • VE-2024-8904: Type Confusion in V8. Reported by Popax21 on 2024-09-08

 

The medium-severity security vulnerabilities are:

 

  • CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou of ChaMd5-H1 team on 2024-08-15
  • CVE-2024-8906: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2024-07-12
  • CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari on 2024-08-18

 

The low-severity security vulnerabilities are:

 

  • CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya on 2024-04-26
  • CVE-2024-8909: Inappropriate implementation in UI. Reported by Shaheen Fazim on 2024-05-18

 

 

Edited by 大†Shinegumi†大

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...