"Chrome 121 Patches 17 Vulnerabilities"

Google recently announced the promotion of Chrome 121 to the stable channel with patches for 17 vulnerabilities, including 11 reported by external researchers.  Of the externally reported security defects, three have a severity rating of "high." Google says it handed over $30,000 in bug bounty rewards to the reporting researchers.  Google noted that the first high-severity bug that Chrome 121 addresses is a use-after-free issue in WebAudio. Tracked as CVE-2024-0807, the flaw earned the reporting researcher a $11,000 bug bounty.  Next in line is CVE-2024-0812, described as an inappropriate implementation in Accessibility.  Google noted that it gave out a $9,000 reward for this security hole.  The third high-severity vulnerability is CVE-2024-0808, an integer underflow in WebUI, for which a $6,000 bug bounty was handed out.  Google stated that Chrome 121 also resolves six medium-severity issues, including two insufficient policy enforcement bugs, two use-after-free flaws, an incorrect security UI defect, and an inappropriate implementation.  Two other low-severity inappropriate implementation vulnerabilities were also patched.  Google did not mention if these vulnerabilities were being exploited in the wild.  The latest Chrome iteration is now rolling out as version 121.0.6167.85 for macOS and Linux, and as versions 121.0.6167.85/.86 for Windows.

SecurityWeek reports: "Chrome 121 Patches 17 Vulnerabilities"