Google Chrome: Critical security vulnerability patched

This time, the weekly update for Google's Chrome web browser closes a security vulnerability classified as a critical risk.


Security gaps in Google Chrome put users at risk.

(Image: created with AI in Bing Designer by heise online / dmk)


The developers at Google have closed two security vulnerabilities in the web browser with the weekly Chrome update. They classify one of them as a critical risk. Users should therefore make sure they are running the fixed versions before continuing to browse.

In a blog post, the Google programmers explain that the update from Wednesday night fixes two vulnerabilities. One is a potential out-of-bounds write in Chrome's Dawn component (CVE-2024-10487, no CVSS value, risk "critical" according to Google). Dawn is the implementation of the WebGPU standard in Chrome. Writing to memory areas not intended for this purpose often allows attackers to inject and execute malicious code. As the risk classification suggests, merely displaying a manipulated website appears to be sufficient for this, and triggering the flaw does not appear to be difficult.

The programmers have also fixed a use-after-free vulnerability in the WebRTC implementation. It allows attackers to access resources that have already been freed and whose content is undefined, which can also often be abused to execute injected code (CVE-2024-10488, no CVSS value, "high" risk according to Google). WebRTC comprises protocols and programming interfaces for real-time communication.


Google has closed the security gaps in Chrome for Android 130.0.6723.86, for iOS 130.0.6723.90, for Linux in version 130.0.6723.91 and with version 130.0.6723.91/.92 for macOS and Windows. The "Extended Stable" version is now also secured in version 130.0.6723.92 for macOS and Windows. With its regular updates, Google often fixes security vulnerabilities that reach a maximum severity of high; vulnerabilities classified as critical threats or already exploited in the wild are comparatively rare. This was last the case at the end of August. Anyone using Chrome should therefore ensure that they are using the latest versions.

On Windows and macOS, open the version dialog by clicking the icon with the three stacked dots to the right of the address bar, then go via "Help" to "About Google Chrome".

The Google Chrome version dialog shows the current software version and offers to install any available updates.

(Image: Screenshot / dmk)

There, the web browser displays the currently active version of the running software. If updates are available, it installs them and prompts you to restart the browser. Under Linux, the distribution's software management is usually responsible for this. Under Android and iOS, updates can be found in the respective app stores. However, not every smartphone model is offered the update immediately; this can take up to a few days, especially for slightly older models.
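For checking more than one machine, the sketch below compares reported Chrome versions against the fixed stable builds named above. It is an added example, not code from Google or from the article; the `host,platform,version` inventory format, the host names and the sample versions are constructed assumptions.

```python
# Fixed stable builds per platform, as listed in the article.
FIXED = {
    "android": "130.0.6723.86",
    "ios": "130.0.6723.90",
    "linux": "130.0.6723.91",
    "macos": "130.0.6723.91",
    "windows": "130.0.6723.91",
}

def parse_version(text):
    """Turn '130.0.6723.91' into (130, 0, 6723, 91); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"          # platform not covered by the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # unreadable version: needs a manual look
    # Tuples compare numerically field by field, so .100 ranks above .91
    # and major version 99 ranks below 130 (plain string comparison gets
    # both of these wrong).
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def audit(inventory_text):
    """Map host -> status for lines of the form 'host,platform,version'."""
    results = {}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:
            results[fields[0]] = status(fields[1], fields[2])
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """
ws-01,windows,130.0.6723.92
ws-02,windows,130.0.6723.70
ws-03,windows,130.0.6723.100
lx-01,linux,99.0.1.1
ph-01,android,130.0.6723.86
kiosk-01,chromeos,130.0.6723.91
mac-01,macos,unknown
"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as `unknown` are on a platform the article gives no fixed build for, or returned a version string that could not be parsed, and need a manual check.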

Other web browsers are not safe from vulnerabilities either: On Tuesday, Mozilla updated the Firefox and Firefox ESR web browsers and the Thunderbird mail program in all supported version branches and fixed security vulnerabilities, some of which are classified as high risk. The update also marked the transition to the 132 development branch for Firefox.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.