A critical update for Google Chrome has been released, addressing 17 security vulnerabilities.

In a proactive move to bolster online security, Google has released an update for its Chrome browser, introducing version 130.0.6723.58/59 for Windows and macOS, alongside 130.0.6723.58 for Linux users. This update addresses a total of 17 vulnerabilities, reinforcing the browser's defenses against potential threats. This rollout will occur gradually over the next few days and weeks, ensuring users across all platforms receive the necessary patches. Notably, several of the identified vulnerabilities were highlighted by external security researchers, showcasing the collaborative effort to improve browser safety. Users are encouraged to keep their browsers updated to benefit from these important security enhancements, contributing to a safer browsing experience for everyone.

On October 15 and 16, 2024, Google rolled out a significant update for its Chrome browser, targeting 17 security vulnerabilities across various platforms. The latest versions—130.0.6723.58/59 for Windows and macOS, and 130.0.6723.58 for Linux—are now available, with updates gradually reaching users over the coming days.

KEY SECURITY ISSUES

Among the vulnerabilities addressed, CVE-2024-9954 stands out as a high-risk use-after-free flaw in Chrome’s AI component, for which Google awarded a substantial $36,000 bounty.

| CVE ID | Severity | Description | Reward | Reported By |
|---|---|---|---|---|
| CVE-2024-9954 | High | Use after free in AI | $36,000 | DarkNavy |
| CVE-2024-9955 | Medium | Use after free in Web Authentication | $6,000 | Anonymous |
| CVE-2024-9956 | Medium | Inappropriate implementation in Web Auth | $6,000 | mastersplinter |
| CVE-2024-9957 | Medium | Use after free in UI | $5,000 | lime & fmyy |
| CVE-2024-9958 | Medium | Inappropriate implementation in PictureInPicture | $5,000 | Lyra Rebane |
| CVE-2024-9959 | Medium | Use after free in DevTools | $4,000 | Sakana.S |
| CVE-2024-9960 | Medium | Use after free in Dawn | $2,000 | Anonymous |
| CVE-2024-9961 | Medium | Use after free in Parcel Tracking | $2,000 | lime & fmyy |
| CVE-2024-9962 | Medium | Inappropriate implementation in Permissions | $1,000 | Shaheen Fazim |
| CVE-2024-9963 | Medium | Insufficient data validation in Downloads | TBD | Anonymous |
| CVE-2024-9964 | Low | Inappropriate implementation in Payments | $3,000 | Hafiizh |
| CVE-2024-9965 | Low | Insufficient data validation in DevTools | $1,000 | Shaheen Fazim |
| CVE-2024-9966 | Low | Inappropriate implementation in Navigations | $1,000 | Harry Chen |

Update Process

Users are strongly encouraged to update their browsers as soon as possible to mitigate risks associated with these vulnerabilities. Chrome typically updates automatically, but users can also manually check for updates via the browser’s settings.
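
For administrators who need to confirm the update across many machines, the following is an added example, not part of the original article: it compares reported Chrome version strings numerically against the 130.0.6723.58 build named above. The hostnames, inventory rows and function names are constructed for illustration.

```python
import re

# Minimum patched build per platform, from the versions named in the article
# (130.0.6723.58/59 on Windows and macOS, 130.0.6723.58 on Linux).
PATCHED = {
    "windows": (130, 0, 6723, 58),
    "macos": (130, 0, 6723, 58),
    "linux": (130, 0, 6723, 58),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(platform, version_text):
    """Return 'patched', 'outdated', or 'unknown' for one reported version."""
    baseline = PATCHED.get(platform.lower())
    version = parse_version(version_text)
    if baseline is None or version is None:
        return "unknown"  # unrecognised platform or unparseable version string
    # Tuples of ints compare field by field, so build 9 sorts below build 58.
    return "patched" if version >= baseline else "outdated"


def audit(inventory):
    """Map each hostname to its patch status."""
    return {host: classify(platform, text) for host, platform, text in inventory}


# Constructed inventory rows: (hostname, platform, reported version string).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 130.0.6723.59"),
    ("ws-002", "windows", "129.0.6668.100"),
    ("mac-001", "macos", "Google Chrome 130.0.6723.58"),
    ("lin-001", "linux", "Google Chrome 130.0.6723.9"),   # "9" > "58" as text only
    ("lin-002", "linux", "Google Chrome 131.0.6778.13 beta"),
    ("kiosk-01", "linux", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual follow-up, since a missing or unparseable version says nothing about whether the fixes are installed.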

Ongoing Security Commitment

Google's ongoing commitment to security includes collaboration with external researchers, which has led to a total of $72,000 awarded in bug bounties for the recent vulnerabilities. The company utilizes a range of internal tools, such as AddressSanitizer and MemorySanitizer, to proactively identify and resolve potential security issues.

In addition to these security updates, Google has also promoted Chrome 131 to the Beta channel for Android, iOS, and desktop, featuring performance enhancements and new functionalities.

This release underscores Google’s dedication to providing a secure browsing experience and highlights the importance of timely updates in protecting users from emerging threats.