"Chrome 126 Update Patches Memory Safety Bugs"
Google recently announced a new Chrome security update that addresses four high-severity memory safety vulnerabilities reported by external researchers. Google noted that the four issues, tracked as CVE-2024-6290 to CVE-2024-6293, are use-after-free bugs impacting the Dawn and SwiftShader components of the popular browser. The latest Chrome iteration is now rolling out to users as version 126.0.6478.126 for Linux and as versions 126.0.6478.126/127 for Windows and macOS. Chrome for Android was also updated with fixes for these flaws and is now available as version 126.0.6478.122. Google did not say whether any of these vulnerabilities were being exploited in the wild, but users are advised to update their browsers as soon as possible.

Google noted that use-after-free issues are related to the incorrect use of dynamic memory during an application’s operations and occur when, after a memory allocation is freed, the pointer to that memory is not cleared. An attacker could exploit the error to execute arbitrary code, corrupt data, or cause denial-of-service conditions. When combined with other vulnerabilities, use-after-free bugs could lead to complete system compromise. Google said that use-after-free issues in Chrome can be exploited to escape the browser’s sandbox if the attacker can target a vulnerability in the underlying operating system or a privileged Chrome process.
SecurityWeek reports: "Chrome 126 Update Patches Memory Safety Bugs"
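A fleet check against the fixed builds listed above, as an added example that is not code from Google or SecurityWeek. The inventory rows, hostnames and function names are constructed for illustration, and the lower of the two listed builds is assumed as the minimum for Windows and macOS.

```python
# Added example: flag Chrome installs older than the fixed builds named in the article.
# Minimum fixed build per platform, taken from the article text.
FIXED = {
    "linux": "126.0.6478.126",
    "windows": "126.0.6478.126",  # article lists 126.0.6478.126/127
    "macos": "126.0.6478.126",    # article lists 126.0.6478.126/127
    "android": "126.0.6478.122",
}

def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version string, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'patched', 'unpatched', or 'unknown' for one install."""
    fixed = FIXED.get(platform.strip().lower())
    found = parse_version(version)
    if fixed is None or found is None:
        return "unknown"  # platform not in the article or unparseable version
    # Compare as integer tuples: as strings, "126.0.6478.9" sorts above ".126".
    return "patched" if found >= parse_version(fixed) else "unpatched"

def audit(rows):
    """Map each (host, platform, version) row to its classification."""
    return {host: classify(platform, version) for host, platform, version in rows}

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("build-01", "linux", "126.0.6478.126"),
    ("desk-17", "windows", "126.0.6478.115"),
    ("mac-04", "macOS", "126.0.6478.127"),
    ("phone-09", "android", "126.0.6478.122"),
    ("kiosk-02", "windows", "125.0.6422.142"),
    ("lab-33", "linux", "126.0.6478.9"),      # numeric compare: 9 < 126
    ("vm-08", "chromeos", "126.0.6478.126"),  # platform not covered by the article
    ("desk-21", "windows", "unknown"),        # agent could not read the version
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look rather than being counted as patched.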