Google on Tuesday announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers.
The most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which Google handed out a $36,000 bug bounty reward.
The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.
Medium-severity inappropriate implementation flaws in Web Authentication, PictureInPicture, and Permissions, and an insufficient data validation issue in Downloads were also resolved.
In its advisory, the internet giant notes that most of the vulnerabilities were reported over the past couple of months, except for the inappropriate implementation in PictureInPicture bug, which was reported in November 2023, and the insufficient data validation in Downloads, which was reported in March 2024.
The update also fixes low-severity inappropriate implementation flaws in Payments and Navigations and an insufficient data validation bug in DevTools.
Google says it has paid out $72,000 in bug bounty rewards to the reporting researchers. However, it has yet to determine the amount to be handed out for the insufficient data validation issue in Downloads.
The internet giant makes no mention of any of these vulnerabilities being exploited in the wild. Users are advised to update their browsers as soon as possible.
The latest Chrome iteration is now rolling out as versions 130.0.6723.58/.59 for Windows and macOS, and as version 130.0.6723.58 for Linux.
Google also pushed Chrome for Android version 130.0.6723.58 to a small percentage of users. Containing the same fixes as Chrome 130 for desktop, the updated mobile browser will become available in Google Play shortly.
Related: Chrome, Firefox Updates Patch High-Severity Vulnerabilities
Related: Tor Browser Update Patches Exploited Firefox Zero-Day
Related: Tor Browser Patches Application Probing Vulnerability
Related: Avast Launches Security-Focused Browser for Android