Chrome releases version 129 patching 6 flaws, one high severity
Take action: This one is a relatively normal update to Chrome. No critical issues, just regular maintenance with some high severity issues. The high severity flaws will become a risk as hackers learn to exploit them, so make sure to update your Chrome, Opera, Brave, Edge this week.
Learn More
Google has announced the release of Chrome 129, addressing nine security vulnerabilities, including six reported by external researchers. Among these, the most severe is a type confusion bug in the V8 JavaScript engine, tracked as CVE-2024-8904. This vulnerability, reported on September 8, 2024, is a type of memory safety bug that allows attackers to modify variables, potentially leading to crashes or remote code execution. It is the highest-severity issue in this update, and Google has yet to finalize the bug bounty amount for this flaw.
Vulnerabilities Addressed in Chrome 129:
-
CVE-2024-8904 (CVSS score 8.8), Chromium severity High - Type confusion in V8 engine
-
CVE-2024-8905 (CVSS score 8.8), Chromum severity Medium - Inappropriate implementation in V8 in Google Chrome
-
CVE-2024-8906 (CVSS score 4.3), Chromum severity Medium - incorrect security UI in Downloads
-
CVE-2024-8907 (CVSS score 6.1), Chromum severity Medium - insufficient data validation in Omnibox
-
CVE-2024-8908 (CVSS score 4.3), Chromum severity Low - inappropriate implementation in Autofill
-
CVE-2024-8909 (CVSS score 4.3), Chromum severity Low - inappropriate implementation in UI components
The new Chrome versions 129.0.6668.58 for Linux and 129.0.6668.58/.59 for Windows and macOS have started rolling out and will continue over the coming days. Google has not reported any of these vulnerabilities being actively exploited in the wild.
