Google has released Chrome 129, with bug fixes for several vulnerabilities, which are now available on the stable channel for Windows, Mac, and Linux users.
The new version release addresses nine vulnerabilities, of which the malicious actors could potentially exploit. Several of these fixes were contributed by external security researchers.
Key security issues addressed include:
- CVE-2024-8904: A type confusion vulnerability in V8, reported by Popax21 on September 8, 2024. This flaw could potentially allow attackers to execute arbitrary code within the context of the browser.
- CVE-2024-8905: An inappropriate implementation issue in V8, reported by Ganjiang Zhou of the ChaMd5-H1 team. This vulnerability was identified on August 15, 2024, and has been awarded a bounty of $8,000.
- CVE-2024-8906: An incorrect security UI issue in Downloads, reported by @retsew0x01 on July 12, 2024. This medium-severity flaw received a reward of $2,000.
Other bug fixes include insufficient data validation in Omnibox (CVE-2024-8907), inappropriate implementation in Autofill (CVE-2024-8908), and UI issues (CVE-2024-8909), each with varying levels of severity and associated rewards.
Google maintains restrictions on detailed bug information until a majority of users have updated to ensure user safety and prevent exploitation of these vulnerabilities before they are widely patched.
The latest version, Chrome 129.0.6668.58 for Linux and 129.0.6668.58/.59 for Windows and Mac will be rolled out in the coming weeks
