Google Addresses Critical Vulnerability in Chrome Browser

October 30, 2024

Google has recently fixed a critical vulnerability in its Chrome browser. The flaw, designated CVE-2024-10487, was reported by Apple's Security Engineering and Architecture (SEAR) team on October 23, 2024. It is an out-of-bounds write in Dawn, an open-source, cross-platform implementation of the WebGPU standard. The exact details of the vulnerability remain unclear, as does whether it has been exploited in any real-world cyberattacks.

Alongside this, Google has also addressed a high-severity vulnerability in WebRTC, identified as CVE-2024-10488. This flaw, which is a use-after-free issue, was reported by Cassidy Kim on October 18, 2024.

Google has responded to both these vulnerabilities with the release of Chrome 130. The company stated, “The Stable channel has been updated to 130.0.6723.91/.92 for Windows, Mac and 130.0.6723.91 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.” The Extended Stable channel has also been updated for Windows and Mac.

As is standard practice, Google has restricted access to the details of these bugs until most users have applied the fix. Google Chrome has been a frequent target for threat actors, with several zero-day exploits in the past. In August, for example, Google had to release a security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7965, which had been actively exploited. This vulnerability was an inappropriate implementation issue in Chrome’s V8 JavaScript engine.
