Google Chrome Urgent Security Update Patches Critical Vulnerabilities
Google has released a critical security update for Chrome, addressing 17 vulnerabilities across various components, including WebAudio, accessibility, and WebUI. These vulnerabilities pose significant risks to user data and system security.
High-Severity Vulnerabilities:
- CVE-2024-0807 (Use after free in WebAudio): This high-severity flaw allows remote attackers to exploit heap corruption via specially crafted HTML pages.
- CVE-2024-0812 (Inappropriate implementation in accessibility): This high-severity vulnerability enables remote attackers to exploit object corruption via crafted HTML pages, potentially compromising sensitive information.
- CVE-2024-0808 (Integer underflow in WebUI): This high-severity issue empowers remote attackers to exploit heap corruption via malicious files, posing a serious risk to user data and system stability.
Medium-Severity Vulnerabilities:
- CVE-2024-0810 (Insufficient policy enforcement in DevTools): This medium-severity vulnerability allows unauthorized access to restricted areas of the browser’s DevTools, potentially enabling attackers to manipulate browser settings or gain access to sensitive information.
- CVE-2024-0814 (Incorrect security UI in Payments): This medium-severity flaw allows attackers to bypass security measures and potentially conduct unauthorized transactions within the Chrome Payments system.
- CVE-2024-0813 (Use after free in Reading Mode): This moderate vulnerability enables remote attackers to exploit heap corruption and potentially gain unauthorized access to sensitive information while users are in Reading Mode.
- CVE-2024-0806 (Use after free in Passwords): This medium-severity flaw allows attackers to exploit memory corruption and potentially access or modify sensitive user passwords stored in Chrome.
- CVE-2024-0805 (Inappropriate implementation in Downloads): This medium-severity vulnerability allows unauthorized access to downloaded files, potentially enabling attackers to execute malicious code or gain access to sensitive data.
- CVE-2024-0804 (Insufficient policy enforcement in iOS Security UI): This medium-severity flaw enables unauthorized access to restricted areas of the browser’s security UI on iOS devices, potentially compromising user privacy and security settings.
Low-Severity Vulnerabilities:
- CVE-2024-0811 (Inappropriate implementation in Extensions API): This low-severity vulnerability allows unauthorized access to extension data, potentially allowing it to be modified or deleted.
- CVE-2024-0809 (Inappropriate implementation in Autofill): This low-severity flaw allows unauthorized access to autofill data, potentially allowing it to be modified or deleted.
Important Recommendation:
Google strongly recommends that all Chrome users update to the latest version (121.0.6167.85 for Mac and Linux, 121.0.6167.85/.86 for Windows) as soon as possible to mitigate these critical security risks.