Google Patches Six Vulnerabilities With First Chrome Update of 2024

Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers.
All the four externally reported security defects are high-severity memory safety flaws, but bug bounty rewards were handed out only for three of them, Google notes in its advisory.
The first two bugs, tracked as CVE-2024-0222 and CVE-2024-0223, are use-after-free and heap buffer overflow vulnerabilities in the graphics rendering engine ANGLE. Both issues were reported by Qrious Secure researchers, who received $15,000 bug bounty rewards for each of them.
The third bug, CVE-2024-0224, is a use-after-free defect in Chrome's WebAudio component.
Google says it handed out a $10,000 bug bounty for this flaw to the Ant Group Light-Year Security Lab researcher who reported it.
The latest Chrome update also resolves a use-after-free vulnerability in WebGPU. The bug is tracked as CVE-2024-0225 and Google has yet to disclose the bug bounty amount to be paid to the reporting researcher.
Use-after-free issues occur when the pointer is not cleared when freeing memory allocation and typically lead to arbitrary code execution, data corruption, or denial-of-service.
In Chrome, use-after-free bugs can be exploited to escape the browser's sandbox, if the attacker targets a flaw in the underlying operating system or in a privileged process.
Google has been long working on improving memory safety in Chrome, and also hardened the browser against the exploitation of use-after-free vulnerabilities.
Despite these efforts, dozens of use-after-free issues were documented in the browser last year, most of them rated 'high severity'.
The latest Chrome iteration is now rolling out as version 120.0.6099.199 for macOS and Linux and as versions 120.0.6099.199/200 for Windows.
Google updated Chrome's extended stable channel to version 120.0.6099.199 for macOS and to version 120.0.6099.200 for Windows.
The internet giant makes no mention of any of the vulnerabilities patched with this Chrome update being exploited in the wild.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 04 Jan 2024 15:43:36 +0000


Cyber News related to Google Patches Six Vulnerabilities With First Chrome Update of 2024

Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
10 months ago Securityweek.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
9 months ago Darkreading.com
Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
6 months ago Techrepublic.com
Google Chrome's new "IP Protection" will hide users' IP addresses - Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to ...
11 months ago Bleepingcomputer.com
Ahead of Regulatory Wave: Google's Pivotal Announcement for EU Users - Users in the European Union will be able to prevent Google services from sharing their data across different services if they do not wish to share their data. Google and five other large technology companies must comply with the EU's Digital Markets ...
9 months ago Cysecurity.news
Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
4 months ago Security.googleblog.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
11 months ago Darkreading.com
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
5 months ago Bleepingcomputer.com
Google: Malware abusing API is standard token theft, not an API issue - Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, BleepingComputer reported on two information-stealing malware ...
10 months ago Bleepingcomputer.com
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
11 months ago Arstechnica.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
9 months ago Bleepingcomputer.com
Google paid $10 million in bug bounty rewards last year - Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid ...
7 months ago Bleepingcomputer.com
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
9 months ago Bleepingcomputer.com
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
9 months ago Cysecurity.news
Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
11 months ago Bleepingcomputer.com
Versions 14 and 13 of Android are Vulnerable to New Lock Screen Bypass Exploits - Using Android 14 and 13 smartphones, a newly discovered bug allowing the user to bypass the lock screen can compromise sensitive information from Google accounts stored in users' Google accounts, according to security researcher Jose Rodriguez. It ...
10 months ago Cysecurity.news
Google shares fix for Pixel phones hit by bad system update - Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. As previously reported by BleepingComputer, after the January 2024 Google Play system ...
9 months ago Bleepingcomputer.com
CVE-2009-3874 - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary ...
6 years ago
Google Fixes Nearly 100 Android Security Issues - December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break. Enterprise software giants also issued their fair share of patches, with Atlassian ...
10 months ago Wired.com
Google Chrome 120 Released with Patch for 10 Critical Security Flaws - Google has recently released Chrome 120 for Windows, Mac, and Linux. This version of Chrome comes with 10 security patches to ensure a safer browsing experience for its users. The most recent versions of Chrome available to users are 120.0.6099.62 ...
11 months ago Cybersecuritynews.com
Frustration grows over Google's AI Overviews feature, how to disable - Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. When you're signed into Google and search for general topics like how to install one ...
5 months ago Bleepingcomputer.com
Microsoft again bothers Chrome users with Bing popup ads in Windows - Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. Due to the quality of the pixelated ads, some who received them were concerned that ...
7 months ago Bleepingcomputer.com
Google Chrome's new cache change could boost performance - Google is introducing a significant change to Chrome's Back/Forward Cache behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache. "Bfcache is an in-memory cache that stores a ...
11 months ago Bleepingcomputer.com
Google discloses 2 zero-day vulnerabilities in less than a week - Google patched another Chrome zero-day vulnerability on Monday, the second one in the span of four days. In a blog post on Monday, Daniel Yip, technical program manager at Google, disclosed a high-severity out-of-bounds write vulnerability tracked as ...
5 months ago Techtarget.com
Google now pays $250,000 for KVM zero-day vulnerabilities - Google has launched kvmCTF, a new vulnerability reward program first announced in October 2023 to improve the security of the Kernel-based Virtual Machine hypervisor that comes with $250,000 bounties for full VM escape exploits. KVM, an open-source ...
4 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)