"Chrome 128 Updates Patch High-Severity Vulnerabilities"
According to Google, two security updates released over the past week for the Chrome browser resolve eight vulnerabilities, including six high-severity bugs reported by external researchers. Last week, Google announced a Chrome 128 update with patches for four externally reported high-severity memory safety flaws. Google noted that three of the security defects affect the browser’s V8 JavaScript engine. They include two type confusion issues and a heap buffer overflow. The fourth vulnerability resolved last week is a heap buffer overflow in Skia, the open source 2D graphics library that Chrome, Firefox, and other browsers use as their graphics engine. Google said all four security defects were resolved in Chrome versions 128.0.6613.113/.114 for Windows and macOS and version 128.0.6613.113 for Linux. Google said it had yet to determine the bug bounty rewards to be handed out for these four issues. The internet giant also recently announced the release of another Chrome 128 update, with patches for four vulnerabilities, including two reported by external researchers. The externally reported bugs include a use-after-free in WebAudio, for which Google paid out a $7,000 reward, and an out-of-bounds write in the V8 engine, for which the reward has yet to be determined. Chrome versions 128.0.6613.119/.120 for Windows and macOS and version 128.0.6613.119 for Linux are rolling out with patches for all security issues. Google did not mention if these vulnerabilities were being exploited in the wild but recommends users of the browser apply the updates as soon as possible.
SecurityWeek reports: "Chrome 128 Updates Patch High-Severity Vulnerabilities"