Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 128 Updates Patch High-Severity Vulnerabilities

Google has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.

Chrome

Two security updates released over the past week for the Chrome browser resolve eight vulnerabilities, including six high-severity bugs reported by external researchers.

Last week, Google announced a Chrome 128 update that rolled out with patches for four externally reported high-severity memory safety flaws.

Three of the security defects, the internet giant revealed in an advisory, affect the browser’s V8 JavaScript engine. They include two type confusion issues and a heap buffer overflow.

The fourth vulnerability resolved last week is a heap buffer overflow in Skia, the open source 2D graphics library that Chrome, Firefox, and other browsers use as their graphics engine.

All four security defects were resolved in Chrome versions 128.0.6613.113/.114 for Windows and macOS and version 128.0.6613.113 for Linux. Google said it had yet to determine the bug bounty rewards to be handed out for these four issues.

On Monday, the internet giant announced the release of another Chrome 128 update, with patches for four vulnerabilities, including two reported by external researchers.

The externally reported bugs include a use-after-free in WebAudio, for which Google paid out a $7,000 reward, and an out-of-bounds write in the V8 engine, for which the reward has yet to be determined.

Chrome versions 128.0.6613.119/.120 for Windows and macOS and version 128.0.6613.119 for Linux are rolling out with patches for all security issues.

Advertisement. Scroll to continue reading.

Google makes no mention of any of these vulnerabilities being exploited in the wild. However, the internet giant’s fast release pace suggests that updating the browser as soon as possible is recommended.

Related: Google Now Offering Up to $250,000 for Chrome Vulnerabilities

Related: Google Warns of Exploited Chrome Vulnerability

Related: Google Patches Sixth Exploited Chrome Zero-Day of 2024

Related: Chrome, Firefox Updates Patch Serious Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights