Google has released a critical security update for the Chrome web browser, addressing seven vulnerabilities, including a critical flaw that could potentially allow attackers to compromise users’ systems through specially crafted web pages.
Malwarebytes reports that Google has released a new version of its Chrome browser for Windows, Mac, and Linux, which includes fixes for seven security vulnerabilities. The most critical of these flaws, identified as CVE-2024-2883, is a use-after-free (UAF) vulnerability in the browser’s ANGLE component, which handles WebGL (Web Graphics Library) content.
According to the limited information provided by Google, the vulnerability could allow a remote attacker to exploit heap corruption via a maliciously crafted HTML page. Heap corruption occurs when a program modifies memory outside the region allocated to it, which can lead to memory leaks, faults, or even the execution of malicious code.
Pieter Arntz, a Malware Intelligence Researcher at Malwarebytes, explains that “UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation.” He further notes that if an attacker can manipulate the program after it has freed a memory location without clearing the pointer, it can cause the program to “crash, use unexpected values, or execute code.”
Google considers Chromium vulnerabilities critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.” This means that a successful exploit of this vulnerability could potentially compromise a user’s system.
To protect users from this and other vulnerabilities addressed in the update, Google encourages Chrome users to update their browsers to version 123.0.6312.86 or later. The easiest way to do this is to allow Chrome to update automatically. Users can also check for the update by clicking on Settings > About Chrome or by navigating to chrome://settings/help.