"Chrome 128 Update Resolves High-Severity Vulnerabilities"

Google recently announced a new Chrome 128 update that addresses five vulnerabilities, including four reported by external researchers. Google noted that all four externally reported flaws are high-severity memory safety issues that were reported in late August. The first vulnerability, tracked as CVE-2024-8636, is a heap buffer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in the browser. Next is CVE-2024-8637, a use-after-free security defect in Media Router. Google noted that use-after-free vulnerabilities, which stem from the incorrect use of memory allocation, could lead to code execution, data corruption, or denial of service. The third bug reported by external researchers is CVE-2024-8638, a type confusion in the V8 JavaScript engine. Google said such security defects typically lead to unexpected application behavior, crashes, and remote code execution. The fourth externally reported vulnerability addressed with the latest Chrome update is CVE-2024-8639, a use-after-free flaw in Autofill. The new browser update is now rolling out as Chrome versions 128.0.6613.137/.138 for Windows and macOS and version 128.0.6613.137 for Linux. Google did not mention whether any of these security defects were being exploited in the wild. However, users should update their browsers as soon as possible.

 

SecurityWeek reports: "Chrome 128 Update Resolves High-Severity Vulnerabilities"

Submitted by Adam Ekwall on