Google Chrome: Update fixes attacked security vulnerability and 37 others
Google has released an update for the Chrome web browser. It closes 38 security vulnerabilities, one of which is already being abused.
Security gaps in Google Chrome put users at risk.
(Image: created with AI in Bing Designer by heise online / dmk)
There are a total of 38 security gaps in Google's Chrome web browser, which the developers plugged with an update last night. One of the gaps is already under attack in the wild. Users should therefore ensure that they are using the latest software version.
In the release announcement for the new Chrome build, Google's programmers list seven vulnerabilities classified as high-risk, nine as medium-risk and four as low-risk. There is no information on 18 vulnerabilities; Google usually withholds information in this way when the vulnerabilities are discovered during internal analyses.
Chrome: Gap already abused
The vulnerability that has already been abused in the wild is a "type confusion" vulnerability in the JavaScript engine V8 (CVE-2024-7971, no CVSS value, "high" risk according to Google). With this type of vulnerability, the data type actually present does not match the type the code expects; because the types differ in size, this can lead to access outside the intended memory areas and, under certain circumstances, to the execution of injected code. The vulnerability was reported by Microsoft's MSRC and MSTIC on Monday of this week.
The other vulnerabilities classified as high risk also allow unexpected access to unintended memory areas. Some involve resources being accessed after they have already been released (use after free); others are heap-based buffer overflows or direct access to memory areas not intended for this purpose. The vulnerabilities can usually be triggered by displaying carefully prepared websites.
Chrome versions 28.0.6613.88 for Android, 128.0.6613.92 for iOS, 128.0.6613.84 for Linux and 128.0.6613.84/.85 for macOS and Windows seal the vulnerabilities.
Update check
The version dialog reveals whether the web browser is already up to date. This can be accessed by clicking on the icon with the three stacked dots to the right of the address bar and continuing via "Help" – "About Google Chrome".
(Image: Screenshot / dmk)
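Where more than one machine has to be checked, the comparison behind the version dialog can be scripted. The following is an added example, not code from the article or from Google: the inventory format, host names and function names are assumptions, and the fixed builds are the desktop ones quoted above.

```python
import re

# Fixed desktop builds quoted in the article (Android/iOS omitted in this sketch).
FIXED = {"linux": "128.0.6613.84", "macos": "128.0.6613.84", "windows": "128.0.6613.84"}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part version from e.g. 'Google Chrome 128.0.6613.84'."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_patched(platform, version_text):
    # Compare as integer tuples: as plain strings, "128.0.6613.9" would
    # wrongly sort above "128.0.6613.84".
    return parse_version(version_text) >= parse_version(FIXED[platform.lower()])

def audit(inventory):
    """Return (host, status) for hosts that need attention. Unparsable
    versions and unknown platforms are flagged, never assumed patched."""
    findings = []
    for host, platform, reported in inventory:
        try:
            ok = is_patched(platform, reported)
        except (ValueError, KeyError):
            findings.append((host, "unknown"))
            continue
        if not ok:
            findings.append((host, "outdated"))
    return findings

# Constructed sample inventory: host names and reported versions are made up.
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 128.0.6613.85"),
    ("ws-02", "windows", "Google Chrome 127.0.6533.120"),
    ("lx-01", "linux", "Google Chrome 128.0.6613.84"),
    ("mac-01", "macos", "Google Chrome 128.0.6613.9"),
    ("lx-02", "linux", "version unavailable"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(host, status)
```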
As the Chromium browser also serves as a basis for others, updates for the web browsers derived from it, such as Microsoft Edge, should also be available soon. These should then also be installed quickly.
Two weeks ago, Google's developers had already patched six vulnerabilities in Chrome, one of which they had classified as a critical security risk. At the same time, Mozilla closed security gaps with new software versions of Firefox, Firefox ESR and Thunderbird.
(dmk)