Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 129 Patches High-Severity Vulnerability in V8 Engine

Google has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine.

Google on Tuesday announced the release of Chrome 129 in the stable channel with patches for nine vulnerabilities, including six reported by external researchers.

The most severe of the externally reported flaws is a type confusion bug in the V8 JavaScript engine, tracked as CVE-2024-8904, the internet giant notes in an advisory.

A type of memory safety bugs, type confusion issues allow attackers to modify variables and trigger unexpected application behavior. Successful exploitation of such defects could lead to crashes, remote code execution, and other types of attacks.

Chrome 129 also addresses three medium-severity vulnerabilities reported by external researchers, namely inappropriate implementation in V8, incorrect security UI in Downloads, and insufficient data validation in Omnibox.

The update also resolves two low-severity inappropriate implementation flaws, impacting Chrome’s Autofill and UI components.  

As usual, Google is keeping access to vulnerability details restricted, at least until most users have updated to a patched Chrome release.

The internet giant says it handed out $13,000 in bug bounty payouts to the reporting researchers, with the highest reward going to Ganjiang Zhou of ChaMd5-H1 team for the inappropriate implementation in V8.

However, Google has yet to determine the bug bounty amount to be paid for the high-severity V8 security defect, and the total amount could be much higher.

Advertisement. Scroll to continue reading.

The latest Chrome iteration is now rolling out as versions 129.0.6668.58/.59 for Windows and macOS, and as version 129.0.6668.58 for Linux. Google makes no mention of any of these vulnerabilities being exploited in the wild.

Related: New Chrome Features Protect Users Against Threats, Provide More Control Over Personal Data

Related: Chrome 128 Update Resolves High-Severity Vulnerabilities

Related: Google Backs Creation of Cybersecurity Clinics With $20 Million Donation

Related: Web Browsers Vulnerable to 14 New Types of XS-Leak Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.