Patch/Configuration Management, Vulnerability Management, Cloud Security

Fixes issued for six Chrome vulnerabilities

Six security flaws in Google Chrome have been addressed in the browser's first security update this year, reports SecurityWeek. The patched bugs include four high-severity memory safety vulnerabilities reported by third-party researchers. Qrious Secure researchers were given $15,000 each for identifying the use-after-free and heap buffer overflow bugs in the ANGLE graphics rendering engine, tracked as CVE-2024-0222 and CVE-2024-0223, while an Ant Group Light-Year Security Lab researcher was rewarded $10,000 for discovering the use-after-free issue in the browser's WebAudio component, tracked as CVE-2024-0224. Another use-after-free bug in WebGPU, tracked as CVE-2024-0225, has been fixed, but Google has yet to report the bounty for its discovery. The update comes amid the growing prevalence of mostly high-severity use-after-free vulnerabilities in Chrome, which could be leveraged for denial-of-service and arbitrary code execution, even after Google's implementation of security enhancements in the browser.
