On August 21, Google released an update of the Google Chrome browser (branch 128) in the stable channel that closes 38 vulnerabilities (some of them critical). One vulnerability is already under attack. The Extended Stable Channel and the apps for Android and iOS have also received an update. Here is an overview of these updates.
Google Chrome (Stable) 128.0.6613.84/.85
The entry about the update can be found in the Google blog. The stable channel has been updated to version 128.0.6613.84/.85 for macOS and Windows. For Linux, the update brings the browser to version 128.0.6613.84. The extended stable channel has also been updated. Google lists the following vulnerabilities as closed:
- [$36000][358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08
- [$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30
- [$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25
- [$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27
- [$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25
- [TBD][351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09
- [TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19
- [$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10
- [$7000][345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06
- [$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07
- [$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
- [$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
- [$1000][324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11
- [$1000][40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21
- [TBD][356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29
- [TBD][356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30
- [$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14
- [$500][350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30
- [$500][353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18
- [TBD][40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26
In addition, there are various fixes from internal audits, fuzzing and other initiatives. Google is aware that an exploit for CVE-2024-7971 exists in the wild.
The browser is updated automatically. You can also try to update the browser manually (via the menu and the About Google Chrome command). The latest build of the Chrome browser can also be downloaded here.
Google Chrome (Extended) 128.0.6613.84
The Extended Stable Channel has been updated for macOS and Windows to Chrome version 128.0.6613.84.
Chrome for Android 128.0.6613.88
Furthermore, according to this Google post, Google Chrome for Android has been updated to version 128.0.6613.88 and will be distributed via update in the next few days. This version contains stability and performance improvements, as well as the same security fixes as mentioned above for the desktop versions of the browser.
Chrome for iOS 128.0.6613.92
According to this Google post, Google has updated Chrome for iOS to version 128.0.6613.92, which will be distributed via update in the next few days. This version contains stability and performance improvements, as well as the same security fixes as mentioned above for the desktop versions of the browser.
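A fleet check against the fixed builds named in this article, as an added example that is not part of the original post or any Google tooling. The inventory format (`host,platform,version`), the host names and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Minimum fixed builds per platform, taken from the article above.
# Windows/macOS shipped as .84/.85, so .84 is the floor there.
FIXED_BUILDS = {
    "windows": (128, 0, 6613, 84),
    "macos": (128, 0, 6613, 84),
    "linux": (128, 0, 6613, 84),
    "android": (128, 0, 6613, 88),
    "ios": (128, 0, 6613, 92),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from free text, or return None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None

def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    floor = FIXED_BUILDS.get((platform or "").strip().lower())
    version = parse_version(version_text)
    if floor is None or version is None:
        return "unknown"  # never report an unparsable row as safe
    return "patched" if version >= floor else "outdated"

def audit(inventory_csv):
    """Map host -> status for rows of 'host,platform,version'."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["platform"], row["version"]) for row in reader}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """host,platform,version
ws-001,Windows,Google Chrome 128.0.6613.85
ws-002,windows,127.0.6533.120
lnx-01,Linux,128.0.6613.84
mob-01,android,128.0.6613.84
mob-02,iOS,128.0.6613.92
kiosk-1,ChromeOS,128.0.6613.84
ws-003,macOS,not installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` (a platform the article does not cover, or a version string that cannot be parsed) need manual follow-up rather than being counted as patched.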