"Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition"

Google recently announced a Chrome 126 update that contains six security fixes, four of which address high-severity vulnerabilities reported by external researchers.  The first externally reported bug addressed with this update, CVE-2024-6100, is a high-severity type confusion issue in the V8 JavaScript engine.  The second issue addressed is CVE-2024-6101, which was described as an inappropriate implementation in WebAssembly.  The Chrome 126 security update also resolves two high-severity flaws in Dawn, namely an out-of-bounds memory access flaw (CVE-2024-6102) and a use-after-free (CVE-2024-6103).  Google, as usual, has shared no technical details on these vulnerabilities.  The company did not mention if any of the issues were being exploited in the wild.  The latest Chrome iteration is now rolling out to users as version 126.0.6478.114 for Linux and as versions 126.0.6478.114/115 for Windows and macOS.

 

SecurityWeek reports: "Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition"

Submitted by Adam Ekwall on