What is the critical vulnerability in Google Chrome's recent update?

The critical vulnerability addressed in Google Chrome's latest update, version 124.0.6367.78/.79 for Windows and Mac, and 124.0.6367.78 for Linux, is tracked as CVE-2024-4058. This vulnerability, with a CVSS score of 8.8, is a type confusion issue within ANGLE, Chrome's graphics layer engine. It allows for the possibility of arbitrary code execution or sandbox escapes that require minimal or no user interaction.

What are the other vulnerabilities addressed in Chrome 124 update?

In addition to CVE-2024-4058, the Chrome 124 update also resolves two other vulnerabilities. CVE-2024-4059, with a CVSS score of 8.8, involves an out-of-bounds read in the V8 API. CVE-2024-4060, with a CVSS score of 9.8, is a use-after-free error in the Dawn component. Both of these are categorized as near critical or critical issues.

Has CVE-2024-4058 been exploited in the wild?

As of the latest update from Google, there is no evidence that CVE-2024-4058 has been exploited in the wild. However, given the nature of the vulnerability and its potential for enabling automated attacks by cybercriminals, users are strongly advised to update their browsers as soon as possible to mitigate any risks.

Why is it important to update to the latest version of Chrome?

Updating to the latest version of Chrome is crucial as it addresses critical vulnerabilities that could be exploited by cybercriminals to execute arbitrary code, escape sandboxes, or perform unauthorized actions without significant user interaction. Timely application of security updates helps protect users from potential attacks and maintain system integrity.

Advisory

Google releases new Chrome, patching a critical vulnerability

published: April 24, 2024

Take action: Update your Chrome and Chromium based browsers (Brave, Edge, Opera) ASAP. There are three issues that have been patched that are vaguely explained, which usually means they are easily exploited. Don't delay, the update is trivial, and the browser reopens all closed tabs after restarting.

Learn More

Google has released an update for its Chrome browser - 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux.

The patch addresses a critical vulnerability, tracked as CVE-2024-4058 (CVSS score 8.8), which is caused a type confusion issue within ANGLE, Chrome's graphics layer engine. This flaw allows for the possibility of arbitrary code execution or sandbox escapes that require minimal or no user interaction, enabling automated attacks by cybercriminals.

The flaw was reported in a blog post by Google on April 24, though the company did not confirm whether the vulnerability had been exploited in the wild.

While there is currently no evidence of CVE-2024-4058 being exploited in the wild, the potential for such exploits is a concern. Users are advised to patch as soon as possible.

In addition to CVE-2024-4058, the Chrome 124 update also resolves two near critical or critical issues, but with very little details disclosed about them"

CVE-2024-4059 (CVSS score 8.8) an out-of-bounds read in the V8 API
CVE-2024-4060 (CVSS score 9.8) a use-after-free error in the Dawn component.

Google releases new Chrome, patching a critical vulnerability

Read More
Google releases update for Chrome and Chromium browsers, …
Critical Zoom windows client vulnerabilities enable privilege escalation
Microsoft releases July 2025 Patch fixing one critical …
Google releases new Chrome update updating a high …
Intel Patches vulnerability found in many generations of …