Chrome 126 Released With Patch For 21 Security Flaws
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The Chrome team has released Chrome 126 to the Windows, Mac, and Linux stable channels. This update, which will roll out over the coming days and weeks, includes many fixes and improvements, focusing on security.
Key Security Fixes
Chrome 126 addresses 21 security vulnerabilities, many of which have been reported by external researchers. Some of the notable fixes include:
Other vulnerabilities addressed include various use-after-free issues, heap buffer overflows, and inappropriate implementations across different browser components.
New Features and Improvements
In addition to security fixes, Chrome 126 introduces several new features and improvements:
Enterprise and Developer Updates
For enterprise users and developers, Chrome 126 includes several updates:
The release of Chrome 126 underscores Google’s commitment to security and performance. Users are encouraged to update their browsers promptly to benefit from the latest fixes and enhancements.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Chrome 126 Released With Patch For 21 Security Flaws
Author: Guru BaranThe Chrome team has released Chrome 126 to the Windows, Mac, and Linux stable channels. This update, which will roll out over the coming days and weeks, includes many fixes and improvements, focusing on security.
Key Security Fixes
Chrome 126 addresses 21 security vulnerabilities, many of which have been reported by external researchers. Some of the notable fixes include:
- CVE-2024-5830 : Type Confusion in V8, reported by Man Yue Mo of GitHub Security Lab, with a reward of $25,000.
- CVE-2024-5831 : Use after free in Dawn, reported by wgslfuzz, with a reward of $10,000.
- CVE-2024-5832 : Another Use after free in Dawn, also reported by wgslfuzz, with a reward of $10,000.
- CVE-2024-5833 : Type Confusion in V8, reported by @ginggilBesel, with a reward of $7,000.
- CVE-2024-5834 : Inappropriate implementation in Dawn, reported by gelatin dessert, with a reward of $5,000.
- CVE-2024-5835 : Heap buffer overflow in Tab Groups, reported by Weipeng Jiang (@Krace) of VRI, with a reward of $3,000.
Other vulnerabilities addressed include various use-after-free issues, heap buffer overflows, and inappropriate implementations across different browser components.
New Features and Improvements
In addition to security fixes, Chrome 126 introduces several new features and improvements:
- Cross-document view transitions : This feature allows for smooth transitions between different documents of the same origin, enhancing the user experience without requiring a single-page application architecture.
- Out-of-process iframe (OOPIF) PDF viewer : This new architecture simplifies adding new features to the PDF viewer and improves performance.
- Memory Saver aggressiveness : Administrators can now configure how aggressively the Memory Saver feature deactivates unused tabs to free up memory.
- Reactive prefetch on Desktop: This feature speeds up navigation by prefetching subresources during navigation based on predictions from a Google-owned service.
Enterprise and Developer Updates
For enterprise users and developers, Chrome 126 includes several updates:
- App-bound encryption for cookies : Enhances cookie security by binding the encryption key to Chrome’s application identity, protecting against malware that might steal cookies.
- Chrome extension telemetry integration with Chronicle : Collects and analyzes extension telemetry data to provide insights on risky activities.
- Page-Embedded Permission Control : Introduces a new HTML element to improve the user experience of permission prompts.
The release of Chrome 126 underscores Google’s commitment to security and performance. Users are encouraged to update their browsers promptly to benefit from the latest fixes and enhancements.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
