Chrome 125 Update Patches High-Severity Vulnerabilities

Google released a Chrome 125 update to resolve four high-severity vulnerabilities reported by external researchers.

Google on Tuesday announced a Chrome 125 update that resolves six vulnerabilities, including four high-severity bugs reported by external researchers.

The first issue, tracked as CVE-2024-5157, is a use-after-free flaw in Scheduling that was reported by Looben Yang a month ago. The researcher received an $11,000 bug bounty reward for the discovery.

Google has been battling use-after-free issues in Chrome for several years, as these types of bugs can lead to sandbox escape if an attacker can target a vulnerability in the underlying operating system or in a privileged Chrome process.

On Tuesday, Google also patched CVE-2024-5158, a type confusion bug in the V8 JavaScript engine, announcing that it has paid out a $10,000 bug bounty reward to Zhenghang Xiao, who reported the security defect in early May.

The browser update also resolves two heap buffer overflow issues, one impacting the ANGLE graphics layer engine (CVE-2024-5159) and another found in Dawn, Chrome’s implementation of the WebGPU standard (CVE-2024-5160).

The internet giant says it has paid out a $5,000 bug bounty reward for the ANGLE flaw but has yet to disclose the amount awarded for the Dawn issue.

The latest Chrome release is now rolling out as version 125.0.6422.76 for Linux and as versions 125.0.6422.76/.77 for Windows and macOS.

Google makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

Promoted to the stable channel on May 15, Chrome 125 was released with patches for the seventh zero-day documented in the browser this year and the third Chrome zero-day to be resolved within a week.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
