Google releases urgent patch to Chrome, fixing two critical flaws
Take action: This one is urgent. Google pushed out a patch for just two flaws, and they are immediately scored as critical, even without any exploitation details. Patch all your Chrome and Chromium-based browsers (Edge, Opera, Brave), since an attack is possible just by visiting a malicious site with no user action.
Google has released an urgent security update to address critical vulnerabilities in Chrome browser. The patched versions are 130.0.6723.116 or 130.0.6723.117 for Windows and Mac, and version 130.0.6723.116 for Linux.
The update addresses the following vulnerabilities:
- CVE-2024-10826 (CVSS score 9.8): This vulnerability involves a use-after-free issue within Chrome’s Family Experiences component. Exploiting this flaw could allow attackers to execute arbitrary code or gain unauthorized access to users’ systems.
- CVE-2024-10827 (CVSS score 9.8): Another use-after-free issue was identified in Chrome’s Serial component, potentially allowing remote attackers to compromise affected systems.
Both vulnerabilities stem from memory management issues where freed memory can still be accessed, leading to memory corruption. Attackers could exploit these bugs by tricking users into visiting malicious websites, where remote code execution could occur without any further user interaction, creating a high potential for widespread exploitation.
Affected Versions
- Chrome Stable Channel: Versions prior to 130.0.6723.116 for Windows, Mac, and Linux.
- Chrome Extended Stable Channel: Versions prior to 130.0.6723.117 for Windows and Mac.
Users should ensure they are on Chrome version 130.0.6723.116 or later ASAP.
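To check a fleet against these thresholds, the following added example (not part of the original advisory) triages reported Chrome version strings per channel. The inventory format, hostnames and sample versions are constructed for illustration; only the fixed build numbers come from the list above.

```python
import re

# Fixed builds per channel, taken from the advisory's "Affected Versions" list.
FIXED = {
    "stable": (130, 0, 6723, 116),    # Windows, Mac, Linux
    "extended": (130, 0, 6723, 117),  # Windows, Mac
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory: (hostname, channel, reported version string).
SAMPLE_INVENTORY = [
    ("ws-01", "stable", "Google Chrome 130.0.6723.91 "),
    ("ws-02", "stable", "Google Chrome 130.0.6723.116"),
    ("ws-03", "extended", "130.0.6723.116"),
    ("ws-04", "stable", "Google Chrome 129.0.6668.100"),
    ("ws-05", "stable", "Google Chrome 131.0.1.2"),
    ("ws-06", "stable", "version unavailable"),
]

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_vulnerable(version_text, channel="stable"):
    """True if below the fixed build, False if patched, None if undeterminable."""
    version = parse_version(version_text)
    if version is None or channel not in FIXED:
        return None
    # Tuple comparison is numeric per component, so .91 sorts below .116
    # (a plain string comparison would get this wrong).
    return version < FIXED[channel]

def triage(inventory):
    """Group hostnames into needs_patch / patched / unknown."""
    result = {"needs_patch": [], "patched": [], "unknown": []}
    for host, channel, version_text in inventory:
        verdict = is_vulnerable(version_text, channel)
        key = "unknown" if verdict is None else ("needs_patch" if verdict else "patched")
        result[key].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group reported no parseable version and should be checked manually rather than assumed patched.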