Google Chrome Gets 6 Security Fixes to Patch High-Severity Vulnerabilities

Google is rolling out Chrome updates for desktop users to address six security issues, four of which were found by external researchers and rated high-severity vulnerabilities.

The issues include a "user after free" vulnerability CVE-2024-5157, a "type confusion" flaw CVE-2024-5158, and two "heap buffer overflow" issues. Use-after-free vulnerabilities are memory corruption issues that could be exploited by threat actors if left unpatched. Type confusion bugs have been found before in Chromium-based based browsers, and exist in the V8 Javascript engine. Attackers could exploit a type confusion bug by triggering the bug with an HTML page, cybersecurity firm SocRadar explained in a post last year.

One of the heap buffer overflow issues, CVE-2024-5159, was found in Chrome's graphics layer engine Angle. The other, CVE-2024-5160, was found in Dawn, Google's WebGPU standard.

The four security vulnerabilities were reported within the past five weeks. Google has already rewarded three of the external researchers so far for their findings, giving out $26,000 in total.

Windows and Mac users will get the fixes in the 125.0.6422.76/.77 versions of Chrome, while Linux users will see the fixes reflected in the 125.0.6422.76 Chrome version. Google says these new Chrome versions will be released in "the coming days/weeks." SecurityWeek first reported the news of Chrome's 125 latest update.

Recommended by Our Editors

How to Remove AI From Your Google Search Results

Google Releases Emergency Fix for New Chrome Zero-Day Flaw

New Android Trojan Malware Targets Bank Accounts With Fake Chrome Updates

Earlier this month, Google released an emergency fix for another Chrome bug, CVE-2024-4671, which was also given a high-severity rating. This flaw was also a "use after free" bug, which could have been exploited to install malware, for example. Google said at the time it was aware that an exploit for the vulnerability "exists in the wild."