Connect with us

Hi, what are you looking for?



Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

Google has released a Chrome 126 security update with six fixes, including four for externally reported high-severity flaws.

Chrome vulnerabilities

Google on Tuesday announced a Chrome 126 update that contains six security fixes, four of which address high-severity vulnerabilities reported by external researchers.

The first externally reported bug addressed with this update, tracked as CVE-2024-6100, is a high-severity type confusion issue in the V8 JavaScript engine.

According to Google’s advisory, the security defect was reported by Seunghyun Lee at SSD Secure Disclosure’s TyphoonPWN 2024 hacking competition, held in Seoul, Korea, at the TyphoonCon offensive security conference.

The reporting researcher, Google says, received a $20,000 bug bounty reward for the finding.

The second issue addressed with this Chrome 126 update is CVE-2024-6101, described as an inappropriate implementation in WebAssembly. Google says it handed out a $7,000 reward for this vulnerability.

The Chrome 126 security update also resolves two high-severity flaws in Dawn, namely an out-of-bounds memory access flaw (CVE-2024-6102) and a use-after-free (CVE-2024-6103).

Both security defects were reported by security researcher ‘wgslfuzz’, and Google says it has yet to determine the bug bounty amounts to be paid for them.

As usual, the internet giant has shared no technical details on these vulnerabilities. The company made no mention of any of the issues being exploited in the wild.

Advertisement. Scroll to continue reading.

The latest Chrome iteration is now rolling out to users as version 126.0.6478.114 for Linux and as versions 126.0.6478.114/115 for Windows and macOS.

Related: Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

Related: Google Patches Fourth Chrome Zero-Day in Two Weeks

Related: Chrome 125 Update Patches High-Severity Vulnerabilities

Related: Google Extends Chromebook Lifespan, Promises 10 Years of Automatic Updates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights