"Google Patches Critical Chrome Vulnerability Reported by Apple"

Google and Mozilla recently announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.

Google announced the release of Chrome 130, which patches two vulnerabilities. The first vulnerability, tracked as CVE-2024-10487, has been described as a critical out-of-bounds write issue in Dawn, the cross-platform implementation of the WebGPU standard. The second vulnerability patched with the release of Chrome 130 is CVE-2024-10488, a high-severity use-after-free in WebRTC. Google has yet to determine the bug bounties it will pay for these vulnerabilities.

Mozilla released Firefox 132 and Thunderbird 132. The latest versions of the browser and email client patch the same 11 vulnerabilities, including two high-severity issues. The first high-severity vulnerability is tracked as CVE-2024-10458 and has been described as a permission leak that can occur from a trusted website to an untrusted website. The second issue, CVE-2024-10459, is a use-after-free that can lead to an exploitable crash. The remaining vulnerabilities have been assigned medium and low severity ratings, and their exploitation can lead to spoofing, XSS attacks, data leaks, DoS conditions, and arbitrary code execution.

 

SecurityWeek reports: "Google Patches Critical Chrome Vulnerability Reported by Apple"

Submitted by Adam Ekwall on