Advisory

Google releases Chrome 128 fixing eight high severity flaws

Take action: Not a panic mode patch, but as usual, update your Chrome. The update is trivial so don't delay.



Google has released two security updates for the Chrome browser over the past week, addressing a total of eight vulnerabilities, including six high-severity flaws reported by external researchers.

Last week, Google announced the release of Chrome version 128, which includes patches for four high-severity memory safety vulnerabilities reported by external researchers. These security flaws are:

  • CVE-2024-7969 (CVSS score 8.8) Type Confusion in V8.
  • CVE-2024-8193 (CVSS score 8.8) Heap buffer overflow in Skia.
  • CVE-2024-8194 (CVSS score 8.8) Type Confusion in V8.
  • CVE-2024-8198 (CVSS score 8.8) Heap buffer overflow in Skia.

These vulnerabilities were resolved in Chrome versions 128.0.6613.113/.114 for Windows and macOS, and version 128.0.6613.113 for Linux.

On Monday, September 2, Google released another update for Chrome 128, addressing two additional vulnerabilities:

  • CVE-2024-8362 (CVSS score not assigned) Use after free in WebAudio.
  • CVE-2024-7970 (CVSS score not assigned) Out of bounds write in V8.

These vulnerabilities have been fixed in Chrome versions 128.0.6613.119/.120 for Windows and macOS, and version 128.0.6613.119 for Linux.

Google has not reported any of these vulnerabilities being actively exploited in the wild. However, the rapid release of these patches indicates that users should update their Chrome browsers as soon as possible to mitigate potential risks.
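To check an inventory against the fixed builds listed above, the following added example (not part of the original advisory or any Google tooling) reports which of these CVEs remain unpatched for a given Chrome version string. It assumes any build below a fixed version is unpatched, uses the lowest fixed build of each batch as the threshold on every platform, and runs on a constructed inventory with hypothetical host names.

```python
import re

# Fix thresholds taken from the advisory text (lowest fixed build per batch).
FIX_BATCHES = [
    ((128, 0, 6613, 113), ["CVE-2024-7969", "CVE-2024-8193", "CVE-2024-8194", "CVE-2024-8198"]),
    ((128, 0, 6613, 119), ["CVE-2024-8362", "CVE-2024-7970"]),
]
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as `chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def unpatched_cves(version_text):
    """Return the advisory's CVEs not yet fixed in this build, or None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    return [cve for fixed_in, cves in FIX_BATCHES if version < fixed_in for cve in cves]

def triage(inventory_lines):
    """Map host -> status for lines of the form 'host,version string'."""
    report = {}
    for line in inventory_lines:
        host, _, version_text = line.partition(",")
        missing = unpatched_cves(version_text)
        if missing is None:
            report[host] = "UNKNOWN (no version found)"
        elif missing:
            report[host] = "UPDATE: " + ", ".join(missing)
        else:
            report[host] = "OK"
    return report

# Constructed sample inventory (hypothetical hosts and builds), not real data.
SAMPLE = [
    "ws-001,Google Chrome 127.0.6533.119",
    "ws-002,Google Chrome 128.0.6613.114",
    "ws-003,Google Chrome 128.0.6613.120",
    "ws-004,Google Chrome 129.0.6668.58",
    "ws-005,chrome not installed",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN need a manual check rather than being treated as patched.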
