Zoom and Chrome security updates released on Tuesday patch over a dozen vulnerabilities affecting users across desktop platforms.
Zoom announced fixes for six security defects, including two high-severity issues that could allow remote attackers to escalate privileges or leak sensitive information.
The first bug, tracked as CVE-2024-45421 (CVSS score of 8.5), is described as a buffer overflow issue that requires authentication for successful exploitation.
The second flaw, tracked as CVE-2024-45419 (CVSS score of 8.1), is an improper input validation issue that can be exploited over the network, without authentication.
Both vulnerabilities impact Zoom Workplace App, Rooms Client, Rooms Controller, Video SDK, and Meeting SDK prior to version 6.2.0 across desktop and mobile platforms, and Workplace VDI Client for Windows before version 6.1.12 (except 6.0.14).
Two other bugs, both medium severity, are described as improper input validation and uncontrolled resource consumption issues that could be exploited to cause denial-of-service (DoS) conditions.
The remaining two flaws, also medium severity, affect the installer for some Zoom apps for macOS before version 6.1.5 and could lead to privilege escalation or information disclosure.
Users are advised to update their installations as soon as possible. Additional information can be found on Zoom’s security bulletins page.
On Tuesday, Google announced the promotion of Chrome 131 to the stable channel with patches for 12 vulnerabilities, including eight reported by external researchers.
The most severe of the externally reported flaws is a high-severity inappropriate implementation bug in Blink, tracked as CVE-2024-11110, which was reported last month.
The latest browser update also resolves six medium-severity issues, including inappropriate implementations in Autofill, Views, and Paint, use-after-free bugs in Media and Accessibility, and an insufficient policy enforcement flaw in Navigation. A low-severity inappropriate implementation in FileSystem was also resolved.
Google says it paid a $1,000 reward for the inappropriate implementation in Autofill, but has not disclosed the bug bounty rewards to be handed out for the other seven security defects.
The latest Chrome iteration is now rolling out as versions 131.0.6778.69/.70 for Windows and macOS, and as version 131.0.6778.69 for Linux.
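The following Python script is an added example, not code from the article, Zoom or Google. It checks a software inventory against the fixed versions stated above, including the 6.0.14 exception for the Workplace VDI Client for Windows. The product keys, function names and inventory rows are assumptions constructed for illustration; only the version thresholds come from the article.

```python
import re

# First fixed version per product, taken from the article, plus any older
# release the article lists as an exception. Product keys are hypothetical
# labels, not vendor identifiers.
FIXED = {
    "zoom-workplace": ("6.2.0", set()),
    "zoom-vdi-windows": ("6.1.12", {"6.0.14"}),
    "zoom-macos-installer": ("6.1.5", set()),
    "chrome": ("131.0.6778.69", set()),
}

def parse(version):
    """Turn '6.1.12' or '131.0.6778.69' into a tuple of ints."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def pad(parts, width):
    """Right-pad with zeros so '6.2' compares equal to '6.2.0'."""
    return parts + (0,) * (width - len(parts))

def is_patched(product, installed):
    """True if the installed version is at or above the fixed version,
    or matches a release the article excepts from the affected range."""
    fixed, exempt = FIXED[product]
    have, need = parse(installed), parse(fixed)
    for release in exempt:
        prefix = parse(release)
        if have[:len(prefix)] == prefix:  # tolerate a trailing build number
            return True
    width = max(len(have), len(need))
    return pad(have, width) >= pad(need, width)

def needs_update(rows):
    """Return the inventory rows that still run an affected version."""
    return [row for row in rows if not is_patched(row[1], row[2])]

# Constructed sample inventory: (host, product key, installed version).
INVENTORY = [
    ("lt-001", "zoom-workplace", "6.1.11"),
    ("lt-002", "zoom-workplace", "6.2.0"),
    ("vdi-01", "zoom-vdi-windows", "6.0.14"),
    ("vdi-02", "zoom-vdi-windows", "6.1.10"),
    ("mac-07", "zoom-macos-installer", "6.1.5"),
    ("lt-003", "chrome", "130.0.6723.117"),
    ("lt-004", "chrome", "131.0.6778.70"),
]

if __name__ == "__main__":
    for host, product, version in needs_update(INVENTORY):
        print(f"{host}: {product} {version} is below {FIXED[product][0]}")
```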