What is the most critical vulnerability fixed in Chrome version 130?

The most critical vulnerability fixed in Chrome version 130 is CVE-2024-9954, a high-severity use-after-free vulnerability in Chrome's AI component. This flaw could potentially allow attackers to execute arbitrary code or cause browser crashes. The vulnerability was discovered by the researcher 'DarkNavy' and earned a $36,000 bug bounty reward.

How many security vulnerabilities were addressed in Chrome version 130?

Chrome version 130 addresses a total of 17 security vulnerabilities, including one high-severity issue (CVE-2024-9954) and several medium- and low-severity vulnerabilities.

What other vulnerabilities were fixed in Chrome version 130?

In addition to CVE-2024-9954, Chrome version 130 also fixed several medium-severity vulnerabilities, such as use-after-free issues in Web Authentication (CVE-2024-9955), UI (CVE-2024-9957), DevTools (CVE-2024-9959), and other components. Low-severity issues, like inappropriate implementation in Payments (CVE-2024-9964) and insufficient data validation in DevTools (CVE-2024-9965), were also addressed.

How can users update Chrome to version 130?

To manually update Chrome to version 130, users can go to Settings > About Chrome. The browser will automatically check for and install the latest updates. Users are strongly advised to update their browsers immediately to mitigate security risks.

Has Google reported any active exploitation of these vulnerabilities?

As of the announcement, Google has reported no known in-the-wild exploits related to the vulnerabilities fixed in Chrome version 130. However, users are encouraged to update promptly to ensure they are protected from potential future attacks.

Advisory

Google releases Chrome 130, patches 17 security vulnerabilities

published: Oct. 16, 2024

Take action: Time to click update on your Google Chrome and Chromium browsers (Opera, Edge, Brave). This update is not terrible in terms of fixed flaws, but hackers can still find ways to exploit them. So you better patch - it's very easy and all your tabs come back after the update.

Learn More

Google has released Chrome version 130, addressing 17 security vulnerabilities, including a significant high-severity issue. The update is being rolled out gradually to users across Windows, macOS, Linux, and Android platforms.

The most critical flaw, CVE-2024-9954, is a high-severity use-after-free vulnerability in Chrome's AI component. Discovered by the researcher "DarkNavy," it earned a $36,000 bug bounty reward. This vulnerability could allow attackers to manipulate freed memory, potentially leading to arbitrary code execution or browser crashes.

In total, the security fixes cover a wide range of vulnerabilities:

CVE-2024-9954: High severity – Use after free in AI component.
CVE-2024-9955: Medium severity – Use after free in Web Authentication.
CVE-2024-9956: Medium severity – Inappropriate implementation in Web Authentication.
CVE-2024-9957: Medium severity – Use after free in UI.
CVE-2024-9958: Medium severity – Inappropriate implementation in PictureInPicture.
CVE-2024-9959: Medium severity – Use after free in DevTools.
CVE-2024-9960: Medium severity – Use after free in Dawn.
CVE-2024-9961: Medium severity – Use after free in Parcel Tracking.
CVE-2024-9962: Medium severity – Inappropriate implementation in Permissions.
CVE-2024-9963: Medium severity – Insufficient data validation in Downloads.
CVE-2024-9964: Low severity – Inappropriate implementation in Payments.
CVE-2024-9965: Low severity – Insufficient data validation in DevTools.
CVE-2024-9966: Low severity – Inappropriate implementation in Navigations.

Google's standard practice of limiting access to full vulnerability details remains in effect to prevent exploitation until most users have updated. The company also claims no known in-the-wild exploits related to these vulnerabilities at the time of the announcement.

Users are strongly advised to update their browsers immediately. To manually update Chrome, go to Settings > About Chrome, where the browser will automatically check for and install available updates.

Google releases Chrome 130, patches 17 security vulnerabilities

Read More
Critical Privilege Escalation Vulnerability in OpenClaw AI Agent …
Apple releases iOS 17.2, patches multiple critical flaws
Cisco Webex reports Client-Side remote code execution vulnerability
Microsoft August 2025 Patch Tuesday fixes 107 vulnerabilities, …
Mobile Security Threats Every Smartphone User Should Know …