Google has announced a significant update for its Chrome browser across various platforms, aiming to enhance security by fixing multiple vulnerabilities. The update, which will gradually reach all users, incorporates fixes for seventeen distinct security issues, reinforcing the browser’s defenses against potential cyber threats.
Crucial Security Gaps Rectified
Among the corrected flaws, a particularly dangerous one was found in the WebAudio component, where the misuse of previously freed memory could be exploited, leading to heap corruption. This flaw, designated CVE-2024-0807, was serious enough to prompt Google to offer a substantial bounty of $11,000 to the researcher who disclosed it. Another critical vulnerability involved the browser’s accessibility features, where improper implementation could allow an attacker to corrupt objects via a specially crafted HTML page, leading to a $9,000 reward for the anonymous reporter. Additionally, an integer underflow problem in the WebUI was patched, which could also result in heap corruption if a malicious file was processed, leading to a $6,000 bounty.
Addressing Lesser Threats
The update also mitigates medium-severity issues, such as insufficient policy enforcement in DevTools, security UI errors in Payments, and a use-after-free error in Reading Mode. Password management, downloading processes, and iOS security UI were also improved. Furthermore, low-severity concerns, such as issues in the Extensions API and Autofill, were resolved.
