Serious Discussion Google Chrome Stable Channel Updates

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
"If you want even more protection, you can always turn on Safe Browsing’s Enhanced Protection mode, which uses AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions." ...

...or IMO Google Chrome could just keep malicious Chrome extensions out of its Chrome Store...
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Chrome Releases
Stable Channel Update for Desktop
Tuesday, March 19, 2024
The Chrome team is delighted to announce the promotion of Chrome 123 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 123.0.6312.58 (Linux) 123.0.6312.58/.59 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 123.
Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01

[$10000][40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22

[$4000][41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21

[$3000][41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03

[$2000][41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02

[$1000][41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07

[$2000][41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:

[330304003] Various fixes from internal audits, fuzzing and other initiatives
 

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
609
"If you want even more protection, you can always turn on Safe Browsing’s Enhanced Protection mode, which uses AI to block attacks, provides deep file scans and offers extra protection from malicious Chrome extensions." ...

...or IMO Google Chrome could just keep malicious Chrome extensions out of its Chrome Store...
Accountability? Google? In my dreams. 🤣

From what I have seen, Edge is on the rise, at least in corporate, fast because it is cleaner and Microsoft allows more control due to how deeply integrated it is into Windows. Chrome is only leading because it's everybody's grandma's/pa's default set-it-and-forget-it browser.
 

oldschool

Chrome Releases

Stable Channel Update for Desktop

Tuesday, March 26, 2024
The Stable channel has been updated to 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.



This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$10000][327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03

[TBD][328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11

[N/A][330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21

[N/A][330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21




We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Google fixes Chrome zero-days exploited at Pwn2Own 2024
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.

The first (tracked as CVE-2024-2887) is a high-severity type confusion weakness in the WebAssembly (Wasm) open standard. Manfred Paul demoed this vulnerability on the first day of Pwn2Own as part of a double-tap remote code execution (RCE) exploit using a crafted HTML page and targeting both Chrome and Edge.

While type confusion security flaws generally cause browser crashes by reading or writing memory out of buffer bounds, attackers can also exploit them for arbitrary code execution.

The second zero-day is tracked as CVE-2024-2886 and was exploited by KAIST Hacking Lab's Seunghyun Lee during the second day of the CanSecWest Pwn2Own contest.

Described as a use-after-free (UAF) weakness in the WebCodecs API used by web apps to encode and decode audio and video content, it allows remote attackers to perform arbitrary reads/writes via crafted HTML pages.

Lee also used CVE-2024-2886 to gain remote code execution using a single exploit targeting both Google Chrome and Microsoft Edge.

Google fixed the two zero-days in the Google Chrome stable channel, version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux users, which will roll out worldwide over the coming days.
 

Gandalf_The_Grey

Google Chrome 123.0.6312.105/.106/.107 Stable Channel Update for Desktop
The Stable channel has been updated to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 3 security fixes.
 

Gandalf_The_Grey

Google fixes one more Chrome zero-day exploited at Pwn2Own
Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.

Tracked as CVE-2024-3159, this high-severity security flaw is caused by an out-of-bounds read weakness in the Chrome V8 JavaScript engine.

Remote attackers can exploit the vulnerability using crafted HTML pages to gain access to data beyond the memory buffer via heap corruption, which can provide them with sensitive information or trigger a crash.

Palo Alto Networks security researchers Edouard Bochin and Tao Yan demoed the zero-day on the second day of Pwn2Own Vancouver 2024 to defeat V8 hardening.

Their double-tap exploit allowed them to execute arbitrary code on Google Chrome and Microsoft Edge, earning them a $42,500 award.

Google has now fixed the zero-day in the Google Chrome stable channel version 123.0.6312.105/.106/.107 (Windows and Mac) and 123.0.6312.105 (Linux), which will roll out worldwide over the coming days.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Google Chrome 123.0.6312.122/.123/.124 Stable Channel Update for Desktop
The Stable channel has been updated to 123.0.6312.122/.123 for Windows, 123.0.6312.122/.123/.124 for Mac and 123.0.6312.122 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
 

Gandalf_The_Grey

Google Chrome 124.0.6367.60/.61 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac and 124.0.6367.60 to Linux which will roll out over the coming days/weeks.

The Extended Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac which will roll out over the coming days/weeks.

This update includes 22 security fixes.
 

Gandalf_The_Grey

Google Chrome 124.0.6367.78/.79 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

The Extended Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac which will roll out over the coming days/weeks.

This update includes 4 security fixes.
 

silversurfer

In an official blog, Google announced a new update for the Chrome browser that brings some new changes to the search bar. According to Google, the new update should help the address bar, also known as Omnibox, to provide 'more precise and relevant' web page suggestions.

 

Gandalf_The_Grey

Google Chrome 124.0.6367.118/.119 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.118/.119 for Windows, Mac and 124.0.6367.118 for Linux which will roll out over the coming days/weeks.

The Extended Stable channel has been updated to 124.0.6367.118 for Mac and Windows which will roll out over the coming days/weeks.

This update includes 2 security fixes.
 

Gandalf_The_Grey

Google Chrome 124.0.6367.155/.156 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux which will roll out over the coming days/weeks.

This update includes 2 security fixes.
 

Gandalf_The_Grey

Google Chrome 124.0.6367.201/.202 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux which will roll out over the coming days/weeks.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2024-4671 exists in the wild.
 

silversurfer

Google Chrome 124.0.6367.207/.208 Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 1 security fix.

Google is aware that an exploit for CVE-2024-4761 exists in the wild.
 

silversurfer

Google Chrome 125.0.6422.60/.61 Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 125 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Chrome 125.0.6422.60 (Linux) 125.0.6422.60/.61 (Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log.

This update includes 9 security fixes.

Google is aware that an exploit for CVE-2024-4947 exists in the wild.
 

Gandalf_The_Grey

Google Chrome 125.0.6422.76/.77 Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.76/.77 for Windows, Mac and 125.0.6422.76 for Linux which will roll out over the coming days/weeks.

This update includes 6 security fixes.
 

silversurfer

Google Chrome 125.0.6422.112/.113 Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks.

This update includes 1 security fix.

[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20

Google is aware that an exploit for CVE-2024-5274 exists in the wild.
 

silversurfer

Google Chrome 125.0.6422.141/.142 Stable Channel Update for Desktop
The Stable channel has been updated to 125.0.6422.141/.142 for Windows, Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks.

This update includes 11 security fixes.
 
