Google Pays Out $36,000 for Severe Chrome Vulnerability

Google has released Chrome 130 in the stable channel to resolve 17 vulnerabilities, including 13 reported by external researchers.

Google on Tuesday announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers.

The most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which Google handed out a $36,000 bug bounty reward.

The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.

Medium-severity inappropriate implementation flaws in Web Authentication, PictureInPicture, and Permissions, and an insufficient data validation issue in Downloads were also resolved.

In its advisory, the internet giant notes that most of the vulnerabilities were reported over the past couple of months, except for the inappropriate implementation bug in PictureInPicture, which was reported in November 2023, and the insufficient data validation issue in Downloads, which was reported in March 2024.

The update also fixes low-severity inappropriate implementation flaws in Payments and Navigations and an insufficient data validation bug in DevTools.

Google says it has paid out $72,000 in bug bounty rewards to the reporting researchers. However, it has yet to determine the amount to be handed out for the insufficient data validation issue in Downloads.

The internet giant makes no mention of any of these vulnerabilities being exploited in the wild. Users are advised to update their browsers as soon as possible.

The latest Chrome iteration is now rolling out as versions 130.0.6723.58/.59 for Windows and macOS, and as version 130.0.6723.58 for Linux.

Google also pushed Chrome for Android version 130.0.6723.58 to a small percentage of users. Containing the same fixes as Chrome 130 for desktop, the updated mobile browser will become available in Google Play shortly.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
