Google has addressed four vulnerabilities in its Chrome browser.
The most critical vulnerability, designated CVE-2024-4058. This flaw resides within ANGLE, a component of Chrome that translates graphics commands. If successfully exploited, it could allow attackers to execute arbitrary code on a victim’s machine, potentially leading to data theft, malware installation, or further system compromise.
Two other “high” severity vulnerabilities were also patched in this release:
- CVE-2024-4059: An out-of-bounds read vulnerability in Chrome’s V8 JavaScript engine could potentially lead to the disclosure of sensitive information.
- CVE-2024-4060: A use-after-free vulnerability in Dawn (Chrome’s WebGPU implementation) could be exploited for malicious purposes.
While Google hasn’t observed any active attacks leveraging these vulnerabilities, security experts often advise swift patching. Cybercriminals frequently reverse-engineer security updates to discover unpatched vulnerabilities, making it a race against time.
The recently released security updates – versions 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 for Linux – are essential for protecting user data and system security. Users of the Extended Stable channel have also received these updates.
