What vulnerabilities are addressed in the Chrome security update?

The update addresses three high-severity vulnerabilities: 1. **CVE-2024-10229 (CVSS score 8.1)** - A flaw in Chrome’s Extensions component that could allow attackers to bypass site isolation protections, potentially enabling unauthorized access to sensitive data across different sites. 2. **CVE-2024-10230 (CVSS score 8.8)** - A type confusion vulnerability in Chrome’s V8 engine that could lead to heap corruption and arbitrary code execution. 3. **CVE-2024-10231 (CVSS score 8.8)** - Another type confusion vulnerability in Chrome’s V8 engine, also leading to heap corruption and potential arbitrary code execution.

How are the vulnerabilities being addressed by Google?

Google is rolling out an automatic security update for Chrome to address these vulnerabilities. Users will receive the update over the coming days as it becomes available.

What should Chrome users do to protect themselves?

Chrome users should ensure their browser is updated to the latest version (130.0.6723.69/.70) to protect against these high-severity vulnerabilities. Users can manually check for updates by navigating to 'Settings' > 'About Chrome' to verify if the update has been applied.

Why is Google restricting access to detailed vulnerability information?

Google temporarily restricts access to detailed information about the vulnerabilities until a majority of users have updated their browsers to the latest version, reducing the risk of exploitation.

Advisory

Google releases security update for Chrome, fixes three high severity issues

Q: What is the latest Google Chrome security update?

Google has released a security update for its Chrome browser, updating to version 130.0.6723.69 for Linux and 130.0.6723.69/.70 for Windows and Mac. The update addresses three high-severity vulnerabilities that could compromise user security.

published: Oct. 24, 2024

Take action: One more update for your Google Chrome and Chromium browsers (Opera, Edge, Brave). This update is quite mild in terms of fixed flaws. Patch when the notification appears on your browser, but don't ignore it.

Learn More

Google has issued a security update for its Chrome browser, addressing three high-severity vulnerabilities that could compromise user security. The latest stable channel update is version 130.0.6723.69 for Linux and 130.0.6723.69/.70 for Windows and Mac.

CVE-2024-10229 (CVSS score 8.1) - A high-severity flaw in Chrome’s Extensions component that could allow attackers to bypass site isolation protections, potentially enabling unauthorized access to sensitive data across different sites.
CVE-2024-10230 and CVE-2024-10231 (both CVSS score 8.8) - Type confusion vulnerabilities in Chrome’s V8 engine. These flaws could lead to heap corruption and allow attackers to execute arbitrary code on affected systems when users visit maliciously crafted websites.

The vulnerabilities were reported by external security researchers. The security update will automatically roll out to users over the coming days.

Google temporarily restricts access to detailed vulnerability information until most users have updated their browsers to the latest version.

Google releases security update for Chrome, fixes three high severity issues