
Google has released a new Chrome 128 update that addresses five vulnerabilities, including four high-severity vulnerabilities reported by external researchers.
The first vulnerability, tracked as CVE-2024-8636, is a heap buffer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in the browser.
The second vulnerability, tracked as CVE-2024-8637, is a use-after-free security defect in Media Router. Use-after-free vulnerabilities stem from the incorrect use of allocated memory and could lead to code execution, data corruption, or denial of service.
The third vulnerability, tracked as CVE-2024-8638, is a type confusion in the V8 JavaScript engine. Such security defects typically lead to unexpected application behavior, crashes, and remote code execution.
The fourth vulnerability, tracked as CVE-2024-8639, is a use-after-free flaw in Autofill.
Google said it’s unaware of any of the vulnerabilities being exploited in the wild. The new browser update is now rolling out as Chrome versions 128.0.6613.137/.138 for Windows and macOS, and as version 128.0.6613.137 for Linux.


