Chrome 123: Patch for 12 Security Vulnerabilities
The Chrome team has announced that Chrome 123 has been promoted to the stable channel for users on Windows, Mac, and Linux.
This latest version, Chrome 123.0.6312.58 for Linux and 123.0.6312.58/.59 for Windows and Mac, is set to roll out gradually over the coming days and weeks.
It includes a number of fixes and improvements aimed at enhancing user experience and security.
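A fleet check against the fixed build named above, as an added example that is not part of the original article: it compares version strings numerically, because a plain string comparison would rank 123.0.6312.9 above 123.0.6312.58. The host names and version strings in `SAMPLE` are constructed, and the function names are illustrative.

```python
import re

# Lowest patched build per the article: 123.0.6312.58 on Linux and
# 123.0.6312.58/.59 on Windows and Mac, so .58 is the floor everywhere.
FIXED = (123, 0, 6312, 58)

# Four dot-separated numeric fields, as found in browser version strings.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part version tuple from free text, or None."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'patched', 'outdated' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # empty or unparseable: needs manual follow-up
    # Tuple comparison is numeric per field, unlike string comparison.
    return "patched" if version >= fixed else "outdated"


def audit(inventory):
    """Group hosts by status for a {host: version_string} mapping."""
    report = {"patched": [], "outdated": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        report[classify(raw)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and collected strings).
SAMPLE = {
    "lin-01": "Google Chrome 123.0.6312.58 ",
    "win-07": "123.0.6312.59",
    "mac-03": "Google Chrome 122.0.6261.129",
    "lin-02": "Google Chrome 123.0.6312.9",  # sorts above .58 as a string
    "win-09": "",                            # agent returned nothing
    "lin-04": "Google Chrome 124.0.6367.60",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:9s} {', '.join(hosts)}")
```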
Security Fixes and Rewards
In an ongoing effort to strengthen its defenses, this update includes patches for 12 security vulnerabilities.
The Chrome team has taken a cautious approach by restricting access to bug details and links until a majority of users have received the updates.
This measure ensures that potential attackers do not exploit the vulnerabilities before they are widely patched.
Some of the most crucial fixes were made possible through the contributions of external researchers, highlighting the importance of community involvement in cybersecurity.
High Severity Vulnerabilities
- CVE-2024-2625: Object Lifecycle Issue in V8
  This high-severity vulnerability was discovered by Ganjiang Zhou (@refrain_areu) of the ChaMd5-H1 team and reported on March 1, 2024. It involves an object lifecycle issue inside V8, Chrome's JavaScript engine, which could potentially allow malicious actors to execute arbitrary code.
Medium Severity Vulnerabilities
- CVE-2024-2626: Out of Bounds Read in Swiftshader
  Cassidy Kim (@cassidy6564) identified an out-of-bounds read in Swiftshader, reporting it on November 22, 2023. This vulnerability earned a $10,000 reward for its discovery.
- CVE-2024-2627: Use After Free in Canvas
  An anonymous researcher reported this use-after-free issue in Canvas on January 21, 2024, which was rewarded with $4,000.
- CVE-2024-2628: Inappropriate Implementation in Downloads
  As reported by Ath3r1s on January 3, 2024, this vulnerability concerns an inappropriate implementation in the Downloads feature and was rewarded with $3,000.
- CVE-2024-2629: Incorrect Security UI in iOS
  Muneaki Nishimura (nishimunea) discovered an incorrect security UI in iOS, reporting it on January 2, 2024, and receiving a $2,000 reward.
- CVE-2024-2630: Inappropriate Implementation in iOS
  James Lee (@Windowsrcer) reported another inappropriate implementation in iOS on December 7, 2023, which was rewarded with $1,000.
- CVE-2024-2631: Inappropriate Implementation in iOS
  Ramit Gangwar's discovery of yet another inappropriate implementation in iOS, reported on January 29, 2024, also earned a $2,000 reward.
The Chrome team extends its gratitude to all the security researchers who collaborated with them during the development cycle, helping to identify and fix security issues before the stable release.
This proactive approach to security, coupled with internal audits, fuzzing, and other initiatives, underscores Google's commitment to safeguarding its users.
Source credit : cybersecuritynews.com