Chrome fixes four high-severity issues
Take action: Even though the severity of these issues is just below the critical score, it's still wise to update your Chrome and Chromium-based browsers, because someone will find a way to exploit even those issues.
The most recent update for Google Chrome, version 120.0.6099.199 for Mac and Linux and version 120.0.6099.199/200 for Windows, includes several important security fixes. The Extended Stable channel for Chrome has been updated to version 120.0.6099.200 for Windows and 120.0.6099.199 for Mac.
A key aspect of this update is the resolution of four security issues, at least three of which could potentially allow an attacker to gain control over a browser. Three of the four are "use-after-free" conditions, in which a program continues to use a pointer after the memory it points to has been freed, leading to possible malicious exploitation; the fourth is a heap buffer overflow.
The vulnerabilities addressed include:
- CVE-2024-0222 (CVSS3 score 8.8): A high-severity use after free in ANGLE, a part of Chrome. It could be exploited via a specially crafted HTML page, leading to heap corruption.
- CVE-2024-0223 (CVSS3 score 8.8): A similar high-severity flaw, a heap buffer overflow in ANGLE.
- CVE-2024-0224 (CVSS3 score 8.8): A use after free issue in WebAudio, which was identified as a high-severity risk that could allow remote attackers to exploit heap corruption.
- CVE-2024-0225 (CVSS3 score 8.8): Another high-severity use after free vulnerability was found in WebGPU, which could have allowed remote attackers to exploit heap corruption through a custom HTML page.
To protect against these vulnerabilities, users are advised to update their Google Chrome browser to the latest version.
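A fleet check against the fixed builds named above, as an added example that is not part of the original advisory. It assumes inventory rows of (host, platform, version string) and treats 120.0.6099.199 as the minimum patched Stable build on every platform; the host names and sample rows are constructed. It covers Google Chrome only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Minimum fixed Stable build per platform, taken from the advisory text.
# Assumption: any build at or above this number carries the fixes.
FIXED = {
    "windows": (120, 0, 6099, 199),
    "mac": (120, 0, 6099, 199),
    "linux": (120, 0, 6099, 199),
}
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

# Constructed sample inventory: (host, platform, reported version string).
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 120.0.6099.200"),
    ("ws-02", "Windows", "Google Chrome 120.0.6099.130"),
    ("mb-03", "mac", "Google Chrome 120.0.6099.199"),
    ("lx-04", "linux", "Google Chrome 120.0.6099.71 "),
    ("lx-05", "linux", "Google Chrome 121.0.6167.85"),
    ("lx-06", "linux", "version unavailable"),
]


def parse_version(text):
    """Pull a four-part version out of free text; None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def status(platform, version_text):
    """Classify one install as 'patched', 'update needed' or 'unknown'."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed host as safe
    # Tuples compare numerically, so .71 sorts below .199; comparing the
    # raw strings would wrongly rank "71" above "199".
    return "patched" if version >= fixed else "update needed"


def audit(inventory):
    """Map each host to its status."""
    return {host: status(plat, ver) for host, plat, ver in inventory}


if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```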