Serious Discussion Google Chrome Stable Channel Updates

simmerskool

"If you want even more protection, you can always turn on Safe Browsing’s Enhanced Protection mode, which uses AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions." ...

...or IMO Google Chrome could just keep malicious Chrome extensions out of its Chrome Store...
 

oldschool

Chrome Releases
Stable Channel Update for Desktop
Tuesday, March 19, 2024
The Chrome team is delighted to announce the promotion of Chrome 123 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 123.0.6312.58 (Linux) 123.0.6312.58/.59 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 123.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01

[$10000][40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22

[$4000][41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21

[$3000][41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03

[$2000][41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02

[$1000][41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07

[$2000][41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:

[330304003] Various fixes from internal audits, fuzzing and other initiatives
 

SpiderWeb

"If you want even more protection, you can always turn on Safe Browsing’s Enhanced Protection mode, which uses AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions." ...

...or IMO Google Chrome could just keep malicious Chrome extensions out of its Chrome Store...
Accountability? Google? In my dreams. 🤣

From what I have seen, Edge is on the rise fast, at least in corporate, because it is cleaner and Microsoft allows more control due to how deeply integrated it is into Windows. Chrome is only leading because it's everybody's grandma's/grandpa's default set-it-and-forget-it browser.
 

oldschool

Chrome Releases

Stable Channel Update for Desktop

Tuesday, March 26, 2024
The Stable channel has been updated to 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.



This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$10000][327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03

[TBD][328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11

[N/A][330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21

[N/A][330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21




We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Google fixes Chrome zero-days exploited at Pwn2Own 2024
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.

The first (tracked as CVE-2024-2887) is a high-severity type confusion weakness in the WebAssembly (Wasm) open standard. Manfred Paul demoed this vulnerability on the first day of Pwn2Own as part of a double-tap remote code execution (RCE) exploit using a crafted HTML page and targeting both Chrome and Edge.

While type confusion security flaws generally cause browser crashes by reading or writing memory out of buffer bounds, attackers can also exploit them for arbitrary code execution.

The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab's Seunghyun Lee during the second day of the CanSecWest Pwn2Own contest.

Described as a use-after-free (UAF) weakness in the WebCodecs API used by web apps to encode and decode audio and video content, it allows remote attackers to perform arbitrary reads/writes via crafted HTML pages.

Lee also used CVE-2024-2886 to gain remote code execution using a single exploit targeting both Google Chrome and Microsoft Edge.

Google fixed the two zero-days in the Google Chrome stable channel, version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux users, which will roll out worldwide over the coming days.
 

Gandalf_The_Grey

Google Chrome 123.0.6312.105/.106/.107 Stable Channel Update for Desktop
The Stable channel has been updated to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 3 security fixes.
 

Gandalf_The_Grey

Google fixes one more Chrome zero-day exploited at Pwn2Own
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.

Tracked as CVE-2024-3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.

Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.

Palo Alto Networks security researchers Edouard Bochin and Tao Yan demoed the zero-day on the second day of Pwn2Own Vancouver 2024 to defeat V8 hardening.

Their double-tap exploit allowed them to execute arbitrary code on Google Chrome and Microsoft Edge, earning them a $42,500 award.

Google has now fixed the zero-day in the Google Chrome stable channel version 123.0.6312.105/.106/.107 (Windows and Mac) and 123.0.6312.105 (Linux), which will roll out worldwide over the coming days.
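
The fixed-in builds quoted in the posts above can be turned into a fleet check. The following is an added example, not part of any post in this thread or of Google's tooling: it compares installed Chrome versions numerically against the builds the posts name for each CVE. Host names and the inventory are constructed, and it assumes that any later Chrome version also carries these fixes.

```python
# Fixed-in builds as stated in the posts above (lowest build number per release).
FIXED_IN = {
    "CVE-2024-2883": "123.0.6312.86",
    "CVE-2024-2885": "123.0.6312.86",
    "CVE-2024-2886": "123.0.6312.86",
    "CVE-2024-2887": "123.0.6312.86",
    "CVE-2024-3159": "123.0.6312.105",
}

def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints.

    Comparing the raw strings is wrong: "123.0.6312.105" sorts before
    "123.0.6312.86" as text, which would report a patched host as exposed.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def unpatched_cves(installed):
    """Return the CVEs from FIXED_IN whose fixed build is newer than `installed`."""
    have = parse_version(installed)
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if have < parse_version(fixed))

def audit(inventory):
    """Map each host to its unpatched CVEs; unparseable versions are flagged, not skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = unpatched_cves(version)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "ws-01": "123.0.6312.58",
    "ws-02": "123.0.6312.86",
    "ws-03": "123.0.6312.105",
    "ws-04": "124.0.6367.60",
    "ws-05": "unknown",
}

if __name__ == "__main__":
    for host, cves in audit(SAMPLE_INVENTORY).items():
        print(host, ", ".join(cves) or "no listed CVEs outstanding")
```

Microsoft Edge uses its own version numbers, so this table applies to Chrome builds only.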
 

silversurfer

Google Chrome 123.0.6312.122/.123/.124 Stable Channel Update for Desktop
The Stable channel has been updated to 123.0.6312.122/.123 for Windows, 123.0.6312.122/.123/.124 for Mac and 123.0.6312.122 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 

Gandalf_The_Grey

Google Chrome 124.0.6367.60/.61 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac and 124.0.6367.60 to Linux which will roll out over the coming days/weeks.

The Extended Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac which will roll out over the coming days/weeks.

This update includes 22 security fixes.
 
