Chrome 130 Released with Fix for 17 Security Flaws
Google has released Chrome 130, addressing 17 security vulnerabilities in the popular web browser. This latest update, version 130.0.6723.58/.59 for Windows and Mac and 130.0.6723.58 for Linux, is being rolled out gradually to users over the coming days and weeks.
Among the 17 security fixes, several were contributed by external researchers and classified according to severity.
The most critical vulnerability, rated as high severity, is CVE-2024-9954, a use-after-free flaw in the AI component of Chrome. This vulnerability was reported by a researcher known as DarkNavy and earned a substantial bounty of $36,000.
CVE-2024-9954: High severity – Use after free in AI
CVE-2024-9955: Medium severity – Use after free in Web Authentication
CVE-2024-9956: Medium severity – Inappropriate implementation in Web Authentication
CVE-2024-9957: Medium severity – Use after free in UI
CVE-2024-9958: Medium severity – Inappropriate implementation in PictureInPicture
CVE-2024-9959: Medium severity – Use after free in DevTools
CVE-2024-9960: Medium severity – Use after free in Dawn
CVE-2024-9961: Medium severity – Use after free in Parcel Tracking
CVE-2024-9962: Medium severity – Inappropriate implementation in Permissions
CVE-2024-9963: Medium severity – Insufficient data validation in Downloads
CVE-2024-9964: Low severity – Inappropriate implementation in Payments
CVE-2024-9965: Low severity – Insufficient data validation in DevTools
CVE-2024-9966: Low severity – Inappropriate implementation in Navigations
The update also addresses multiple medium-severity vulnerabilities, including issues in Web Authentication, UI, PictureInPicture, DevTools, Dawn, and Parcel Tracking. These flaws range from use-after-free bugs to inappropriate implementations and insufficient data validation.
Google has implemented its standard practice of restricting access to detailed bug information until the majority of users have updated their browsers. This measure is designed to protect users from potential exploitation while the update is being distributed.
Chrome users are strongly advised to update their browsers as soon as possible to ensure protection against these security flaws. To update Chrome, users can navigate to the browser’s settings, click on “About Chrome,” and allow the browser to check for and install any available updates.
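For administrators checking many machines rather than one browser, the following added example (not from Google or the original article) audits an inventory of reported Chrome versions against the fixed builds named above. The host names, the inventory format, the function names and the "Google Chrome <version>" string shape are assumptions made for illustration.

```python
import re

# Fixed builds as stated in the article; .58 is the lowest fixed build on every platform.
FIXED = {
    "windows": (130, 0, 6723, 58),
    "mac": (130, 0, 6723, 58),
    "linux": (130, 0, 6723, 58),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first four-part version found in text as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unparseable data needs a manual look, not a pass
    # Tuples compare numerically per component, so 130.0.6723.9 < 130.0.6723.58
    # and 99.x < 130.x; comparing the raw strings would get both wrong.
    return "patched" if version >= fixed else "vulnerable"


# Constructed sample inventory: (host, platform, reported version string)
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 130.0.6723.59"),
    ("ws-002", "windows", "129.0.6668.101"),
    ("mb-007", "mac", "Google Chrome 130.0.6723.58"),
    ("lx-003", "linux", "Google Chrome 130.0.6723.9"),
    ("lx-004", "linux", "Google Chrome 99.0.4844.84"),
    ("ws-009", "windows", "not installed"),
]


def audit(inventory):
    """Map each host name to its patch status."""
    return {host: classify(platform, text) for host, platform, text in inventory}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}\t{status}")
```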
This release underscores Google’s ongoing commitment to browser security and the importance of its bug bounty program in identifying and addressing potential vulnerabilities.
The company has expressed gratitude to all security researchers who contributed to making Chrome more secure during its development cycle.
The post Chrome 130 Released with Fix for 17 Security Flaws appeared first on Cyber Security News.