
Google Chrome 126.0.6478.183 Dual x86x64 Silent



Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100, which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.

The vulnerability is a high-severity type confusion issue in the V8 script engine that was reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure’s TyphoonPWN 2024 on 2024-06-04.

Lee received a $20,000 bug bounty reward for reporting the issue.

Google also addressed the following issues:

  • A high-severity inappropriate implementation issue, tracked as CVE-2024-6101, in WebAssembly. @ginggilBesel reported the flaw on 2024-05-31 and Google awarded him $7000.
  • A high-severity out-of-bounds memory access in Dawn, tracked as CVE-2024-6102. wgslfuzz reported the flaw on 2024-05-07.
  • A high-severity use after free in Dawn, tracked as CVE-2024-6103. wgslfuzz reported the flaw on 2024-06-04.

Google hasn’t shared technical details on the vulnerabilities; the good news is that the company is not aware of attacks in the wild exploiting the flaws addressed by the Chrome 126 security update.

Google Chrome 126 Vulnerabilities

In total, this security update addresses 21 vulnerabilities in Chrome. The Center for Internet Security (CIS) lists in their advisory that the risk associated with not updating is high for all sizes of businesses and government entities.

Additionally, CIS adds:

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • High CVE-2024-5830: Type Confusion in V8
  • High CVE-2024-5831: Use after free in Dawn
  • High CVE-2024-5832: Use after free in Dawn
  • High CVE-2024-5833: Type Confusion in V8
  • High CVE-2024-5834: Inappropriate implementation in Dawn
  • High CVE-2024-5835: Heap buffer overflow in Tab Groups
  • High CVE-2024-5836: Inappropriate Implementation in DevTools
  • High CVE-2024-5837: Type Confusion in V8
  • High CVE-2024-5838: Type Confusion in V8
  • Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
  • Medium CVE-2024-5840: Policy Bypass in CORS
  • Medium CVE-2024-5841: Use after free in V8
  • Medium CVE-2024-5842: Use after free in Browser UI
  • Medium CVE-2024-5843: Inappropriate implementation in Downloads
  • Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
  • Medium CVE-2024-5845: Use after free in Audio
  • Medium CVE-2024-5846: Use after free in PDFium
  • Medium CVE-2024-5847: Use after free in PDFium

 

Edited by 大†Shinegumi†大

Chrome for Android Update

Thursday, May 23, 2024

Hello, Everyone! We've just released Chrome 125 (125.0.6422.112/.113) for Android: it'll become available on Google Play over the next few days.

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.


Android releases contain the same security fixes as their corresponding Desktop (Windows & Mac: 125.0.6422.112/.113 and Linux: 125.0.6422.112) unless otherwise noted.

Krishna Govind

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Android releases contain the same security fixes as their corresponding Desktop (Windows & Mac: 126.0.6478.126/127 and Linux: 126.0.6478.126) unless otherwise noted.
