"Chrome 127 Patches 24 Vulnerabilities"

Google recently announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers. Memory safety bugs were the predominant type of security defect addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones. Google noted that the browser update resolves five high-severity vulnerabilities: three use-after-free flaws in Downloads, Loader, and Dawn, an out-of-bounds memory access in ANGLE, and an inappropriate implementation in Canvas. Chrome 127 also patches eight medium-severity bugs, including a heap buffer overflow in Layout, use-after-free issues in Tabs, User Education, and CSS, inappropriate implementations in Fullscreen, FedCM, and HTML, and a race condition in Frames. Google noted that external researchers also reported three low-severity security defects, namely an inappropriate implementation in FedCM and two issues involving insufficient validation of untrusted input in Safe Browsing. Google says it handed over $55,000 in bug bounty rewards to the reporting researchers. The latest Chrome release is now rolling out as versions 127.0.6533.72/73 for Windows and macOS and as version 127.0.6533.72 for Linux.

 

SecurityWeek reports: "Chrome 127 Patches 24 Vulnerabilities"

Submitted by Adam Ekwall on