On Wednesday, August 21, 2024, Google's Chrome team announced the promotion of Chrome 128 to the stable channel for Windows, Mac, and Linux platforms. This latest update, version 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac, brings a host of improvements and critical security fixes.
The update addresses 38 security vulnerabilities, with several high-severity issues being resolved. Notable among these is CVE-2024-7964, a use-after-free vulnerability in the Passwords feature, which earned an anonymous researcher a $36,000 bounty. Other high-severity fixes include a V8 implementation flaw (CVE-2024-7965) and an out-of-bounds memory access issue in Skia (CVE-2024-7966).
Of particular concern is CVE-2024-7971, a high-severity type confusion vulnerability in V8, reported by Microsoft's Threat Intelligence Center and Security Response Center. Google has acknowledged that an exploit for this vulnerability exists in the wild, highlighting the importance of this update for user security.
The Chrome team also addressed several medium- and low-severity issues, covering areas such as PDFium, Permissions, FedCM, and the Chrome installer. These fixes demonstrate Google's commitment to enhancing the browser's overall security posture.
Google emphasized the collaborative nature of browser security, thanking external researchers who contributed to identifying and reporting these vulnerabilities. The company also highlighted its use of various security tools and techniques, including AddressSanitizer, MemorySanitizer, and fuzzing, in its ongoing internal security efforts.
Users are encouraged to update their Chrome browsers to the latest version as it rolls out over the coming days and weeks. This update not only patches critical security holes but also includes various improvements that enhance the browser's performance and functionality.
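
Because the update rolls out gradually, administrators may want to confirm which machines have actually reached the fixed build. The following is an added example, not code from Google or the Chrome team: it compares reported versions against the 128.0.6613.84 floor given above, and the inventory format, hostnames and status labels are assumptions made for illustration.

```python
import re

# Fixed builds as stated in the article (Windows/Mac shipped as .84/.85, so .84 is the floor).
FIXED = {"linux": (128, 0, 6613, 84), "windows": (128, 0, 6613, 84), "mac": (128, 0, 6613, 84)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as 'Google Chrome 128.0.6613.84'."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory):
    """Return (host, status) pairs; status is 'patched', 'outdated' or 'unknown'."""
    results = []
    for host, platform, raw in inventory:
        version = parse_version(raw)
        floor = FIXED.get(platform.lower())
        if version is None or floor is None:
            status = "unknown"   # unparseable version or unlisted platform: review by hand
        elif version >= floor:   # tuple comparison is numeric, field by field
            status = "patched"
        else:
            status = "outdated"  # below the build that carries the fixes
        results.append((host, status))
    return results

# Constructed inventory rows: (hostname, platform, reported version string).
SAMPLE = [
    ("ws-01", "windows", "128.0.6613.85"),
    ("ws-02", "windows", "127.0.6533.120"),
    ("lx-01", "linux", "Google Chrome 128.0.6613.84 "),
    ("lx-02", "linux", "128.0.6613.9"),   # a string compare would wrongly rank "9" above "84"
    ("mac-01", "mac", "99.0.4844.51"),    # a string compare would wrongly rank "99" above "128"
    ("kiosk-1", "chromeos", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:8} {status}")
```

Comparing versions as integer tuples rather than strings is what keeps builds such as 128.0.6613.9 or 99.x from being reported as up to date.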