"Chrome 126 Updates Patch High-Severity Vulnerabilities"

Google recently announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers. Google noted that the new Chrome 126 release resolves an inappropriate implementation flaw in V8, a type confusion in V8, use-after-free bugs in Screen Capture, Media Stream, Audio, and Navigation, a race condition in DevTools, and an out-of-bounds memory access in V8. Google says it paid out $10,000 and $7,000 bug bounty rewards for the inappropriate implementation and type confusion vulnerabilities in V8. The researchers who reported the use-after-free flaws were awarded $6,000, $5,000, $4,000, and $2,500 for their findings, respectively. In total, Google paid out over $32,000 in bug bounty rewards. The latest Chrome release is now rolling out as version 126.0.6478.182/183 for Windows and macOS and as version 126.0.6478.182 for Linux. Google also recently announced that Chrome for Android was updated to version 126.0.6478.186, which is rolling out on Google Play with the same patches included in the latest desktop releases of the browser. Google did not say whether any of these vulnerabilities were being exploited in the wild, but users are advised to update their browsers as soon as possible.

 

SecurityWeek reports: "Chrome 126 Updates Patch High-Severity Vulnerabilities"

Submitted by Adam Ekwall on