Google Addressed Numerous Security Flaws With Chrome 126

With the latest Chrome 126 release, Google patched multiple security flaws affecting the browser, including a high-severity vulnerability exploited at a hacking event.

Google Chrome 126 Fix Multiple Security Flaws

This week, Google rolled out the Chrome browser version 126 (stable release) for the users. Like most security updates, this stable release also addressed numerous security flaws in the browser that could have severely impacted users when exploited.

One of these vulnerabilities includes a type confusion vulnerability in Chrome’s V8 component. The vulnerability first caught the attention of security researcher Seunghyun Lee, who demonstrated the flaw at the recent SSD Secure Disclosure’s TyphoonPWN 2024 hacking event. Identified as CVE-2024-6100, this vulnerability received a high severity rating and earned the researchers a $20,000 bounty for the discovery.

Another major security fix addressed CVE-2024-6101, a high-severity vulnerability due to inappropriate implementation in WebAssembly. Google credited the researcher with the alias “ginggilBesel” for reporting the flaw, who also won a $7000 bounty.

Besides, this Chrome release also includes two other security fixes for high-severity vulnerabilities in Dawn. These are CVE-2024-6102, an out-of-bounds memory access, and CVE-2024-6103, a use-after-free flaw. Google acknowledged the researcher with the alias “wgslfuzz” for reporting both vulnerabilities.

As mentioned in Google’s release update, these security fixes have been released with Chrome 126.0.6478.114/115 for Windows and Mac devices and 126.0.6478.114 for Linux systems. Moreover, the tech giant released the same security patches with Chrome for Android version 126.0.6478.110, which users may download from the Google Play Store.

Since Google released these patches with the respective Chrome browsers for different systems, users must keep their devices updated with the latest browser releases to remain safe. Thankfully, none of these vulnerabilities is zero-day, saving users from the worries of active attacks. Still, keeping all devices up-to-date with the latest releases is important for better security.

Let us know your thoughts in the comments.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites