What are the critical vulnerabilities addressed in the latest Google Chrome update?

The latest Google Chrome update addresses two major security vulnerabilities: CVE-2024-10487, an out-of-bounds write flaw in the Dawn graphics system, and CVE-2024-10488, a use-after-free flaw in WebRTC. Both vulnerabilities have a CVSS score of 8.8 and can lead to remote code execution or system crashes.

What versions of Chrome are included in the update?

The updated Chrome versions are 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux, covering both the Stable and Extended Stable channels.

What is CVE-2024-10487?

CVE-2024-10487 is an out-of-bounds write vulnerability in the Dawn graphics system. It allows attackers to write beyond allocated memory, which could result in remote code execution or system crashes.

What is CVE-2024-10488?

CVE-2024-10488 is a use-after-free vulnerability in WebRTC that allows attackers to access freed memory, leading to arbitrary code execution or crashes, posing a risk of data breaches.

How can users update Google Chrome to the latest version?

Users can update Google Chrome by going to 'About Google Chrome' in the browser's settings. While the update will be rolled out automatically, it may require a manual restart of the browser to apply the changes.

Why is it important to update Google Chrome immediately?

Updating Google Chrome immediately is crucial because the vulnerabilities can lead to remote code execution, system crashes, or data breaches if exploited. Applying the update helps protect users from potential attacks.

Advisory

Google releases update for Chrome, patches critical flaw

published: Oct. 30, 2024

Take action: Once again, time to click update on your Google Chrome and Chromium browsers (Opera, Edge, Brave). This update is serious - because Google has marked a numerically high severity flaw as critical. As usual, they are not sharing details, but it's very possible this is an easy explot, so the critical treatment. Don't delay, patching is super easy and all your tabs reopen.

Learn More

Google has released a critical update for its Chrome browser, addressing two major security vulnerabilities in the Stable and Extended Stable channels. The updated versions are 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux.

CVE-2024-10487 (CVSS score 8.8, Google rank Critical) - Out-of-Bounds Write flaw in Dawn graphics system. Allows attackers to write beyond allocated memory, which could lead to remote code execution or system crashes.
CVE-2024-10488 (CVSS score 8.8, Google rank ) - Use-After-Free flaw in WebRTC. Allows arbitrary code execution or crashes by accessing freed memory, posing a risk of data breaches.

Users are urged to update Chrome immediately via "About Google Chrome" in the browser’s settings. The update will be rolled out automatically but may require a manual restart of the browser to apply the changes.

Google releases update for Chrome, patches critical flaw

Read More
Claudy Day: Chaining Prompt Injection and Data Exfiltration …
Critical Zoom windows client vulnerabilities enable privilege escalation
Two Google Pixel Android flaws actively exploited
A real story about US Government agency hacked …
Microsoft releases February 2025 patch, fixes 4 zero-days, …