Now on Demand: CISO Forum Virtual Summit - All Sessions Available to Watch Instantly
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Patches Critical Chrome Vulnerability Reported by Apple

Google has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox.

Chrome, Firefox security

Google and Mozilla on Tuesday announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.

Google has announced the release of Chrome 130, which patches two vulnerabilities. 

One of them, tracked as CVE-2024-10487, has been described as a critical out-of-bounds write issue in Dawn, the cross-platform implementation of the WebGPU standard. 

The issue was reported to Google by Apple’s Security Engineering and Architecture (SEAR) team just one week ago. Different implementations of the WebGPU graphics API are used in Firefox and Safari as well, but it’s unclear if these browsers are also impacted by CVE-2024-10487.

While there is no information on what CVE-2024-10487 can be exploited for, in general, exploitation of out-of-bounds write issues can lead to arbitrary code execution. Google has not mentioned anything about in-the-wild exploitation.

The second vulnerability patched with the release of Chrome 130 is CVE-2024-10488, a high-severity use-after-free in WebRTC. 

Google has yet to determine the bug bounties that it will pay out for these vulnerabilities.

Mozilla on Tuesday released Firefox 132 and Thunderbird 132. The latest versions of the browser and email client patch the same 11 vulnerabilities, including two high-severity issues.

Advertisement. Scroll to continue reading.

One of them, tracked as CVE-2024-10458, has been described as a permission leak that can occur from a trusted website to an untrusted website. The second issue, CVE-2024-10459, is a use-after-free that can lead to an exploitable crash. 

The remaining vulnerabilities have been assigned ‘medium’ and ‘low’ severity ratings and their exploitation can lead to spoofing, XSS attacks, data leaks, DoS conditions, and arbitrary code execution.

Related: North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

Related: Google Pays Out $36,000 for Severe Chrome Vulnerability

Related: Firefox 131 Update Patches Exploited Zero-Day Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Secure enterprise browser provider Menlo Security has appointed Bill Robbins as President.

Erik Rolf has joined Booz Allen Hamilton as the Business Information Security Officer (BISO) of Commercial Sector.

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.