On October 15 and 16, 2024, Google rolled out a significant update for its Chrome browser, targeting 17 security vulnerabilities across various platforms. The latest versions—130.0.6723.58/59 for Windows and macOS, and 130.0.6723.58 for Linux—are now available, with updates gradually reaching users over the coming days.
Key Security Issues
Among the vulnerabilities addressed, CVE-2024-9954 stands out as a high-risk use-after-free flaw in Chrome’s AI component, for which Google awarded a substantial $36,000 bounty.
| CVE ID | Severity | Description | Rewards | Reported By |
|---|---|---|---|---|
| CVE-2024-9954 | High | | | DarkNavy |
| | Medium | Use after free in Web Authentication | | Anonymous |
| | Medium | Inappropriate implementation in Web Auth | | mastersplinter |
| | Medium | | | |
| | Medium | Inappropriate implementation in PictureInPicture | | |
| | Medium | Use after free in DevTools | | |
| | Medium | | | |
| CVE-2024-9961 | Medium | Use after free in Parcel Tracking | | |
| | Medium | Inappropriate implementation in Permissions | | Shaheen Fazim |
| | Medium | Insufficient data validation in Downloads | TBD | |
| CVE-2024-9964 | Low | Inappropriate implementation in Payments | | Hafiizh |
| | Low | Insufficient data validation in DevTools | | Shaheen Fazim |
| | Low | Inappropriate implementation in Navigations | | |
Update Process
Users are strongly encouraged to update their browsers as soon as possible to mitigate risks associated with these vulnerabilities. Chrome typically updates automatically, but users can also manually check for updates via the browser’s settings.
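For administrators who need to confirm the update across many machines, the following added example (not from Google or the original article) audits collected Chrome version strings against the fixed build 130.0.6723.58 named above. The hostnames and version strings in the sample inventory are constructed, and the input format is assumed to resemble the output of the browser's `--version` flag.

```python
import re

# Minimum fixed build named in the article (same floor on Windows, macOS, Linux).
FIXED = (130, 0, 6723, 58)

# Matches the four-part Chrome version inside strings such as
# "Google Chrome 130.0.6723.58" (assumed input format).
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(inventory, fixed=FIXED):
    """Classify each host as 'patched', 'vulnerable' or 'unknown'.

    Tuples compare numerically field by field, so 130.0.6723.9 sorts
    below 130.0.6723.58 (a plain string comparison gets this wrong).
    """
    result = {}
    for host, raw in inventory.items():
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"      # no version reported: needs follow-up
        elif version >= fixed:
            result[host] = "patched"
        else:
            result[host] = "vulnerable"
    return result


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "win-01": "Google Chrome 130.0.6723.59",
    "mac-02": "Google Chrome 130.0.6723.58",
    "lin-03": "Google Chrome 129.0.6668.100",
    "lin-04": "Google Chrome 130.0.6723.9",
    "kiosk-05": "chrome: command not found",
    "beta-06": "Google Chrome 131.0.6778.3 beta",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" returned no parseable version and should be checked by hand rather than assumed patched.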
Ongoing Security Commitment
Google's ongoing commitment to security includes collaboration with external researchers, which has led to a total of $72,000 awarded in bug bounties for the recent vulnerabilities. The company utilizes a range of internal tools, such as AddressSanitizer and MemorySanitizer, to proactively identify and resolve potential security issues.
In addition to these security updates, Google has also promoted Chrome 131 to the Beta channel for Android, iOS, and desktop, featuring performance enhancements and new functionalities.
This release underscores Google’s dedication to providing a secure browsing experience and highlights the importance of timely updates in protecting users from emerging threats.