Chrome Flaw Let Attacker Corrupt Memory via Crafted HTML Page
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
Chrome Flaw Let Attacker Corrupt Memory via Crafted HTML Page
Author: GuruGoogle has updated the Stable channels to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 for Windows as part of a security update for Chrome.
There are 17 security fixes in this update. The upgrade will be rolled out over the coming few days and weeks.
High-Severity Flaws Addressed
A high-severity issue was identified as CVE-2024-0807, Use after free in WebAudio. This allowed a remote attacker to possibly exploit heap corruption via a crafted HTML page.
Google awarded a $11000 bounty after Huang Xilin of Ant Group Light-Year Security Lab reported it.
The vulnerability identified as Inappropriate implementation in accessibility (CVE-2024-0812) was determined to have a high severity.
This allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Google announced a $9000 reward and stated the reporter was anonymous.
CVE-2024-0808, Integer underflow in WebUI, was found to be a high-severity issue. This enabled a remote attacker to potentially exploit heap corruption via a malicious file. A $6000 bounty was issued by Google, as reported by Lyra Rebane (rebane2001).
Medium and Low-Severity Flaws Addressed
The Medium-severity bugs addressed in this update are listed below:
CVE-2024-0810 – Insufficient policy enforcement in DevTools, CVE-2024-0814 – Incorrect security UI in Payments, CVE-2024-0813 – Use after free in Reading Mode.
CVE-2024-0806 – Use after free in Passwords, CVE-2024-0805 – Inappropriate implementation in Downloads, and CVE-2024-0804 – Insufficient policy enforcement in iOS Security UI.
The Low- severity bugs addressed in this update are listed below:
CVE-2024-0811 – Inappropriate implementation in Extensions API and CVE-2024-0809 – Inappropriate implementation in Autofill.
Chrome Security Update
- Mac and Linux (121.0.6167.85)
- Windows (121.0.6167.85/.86)
Google recommended usersupdate to the most recent patched version of Chrome as soon as possible tolessen security risks.
Update Now!
To update the Chrome web browser, you have to follow a few simple steps that we have mentioned below:-
- Go to the Settings option.
- Then select About Chrome.
- Now, you must wait, as Chrome will automatically fetch and download the latest update.
- Then, wait for the latest version to be installed.
- Once the installation process is complete, you will have to restart Chrome.
- That’s it. Now you are done.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте: