"Google Patches Critical Chrome Vulnerability"

Google recently announced the availability of a Chrome 124 update that patches four vulnerabilities, including a critical security hole. Google noted that the critical vulnerability, tracked as CVE-2024-4058, is a type confusion bug in the ANGLE graphics layer engine. Google has credited two members of Qrious Secure for reporting CVE-2024-4058. They have been awarded a $16,000 bounty for their findings. Google has not mentioned if CVE-2024-4058 is being exploited in the wild. The latest Chrome update also patches two high-severity vulnerabilities for which bug bounties have yet to be determined: CVE-2024-4059, an out-of-bounds read in the V8 API, and CVE-2024-4060, a use-after-free in the Dawn component.

 

SecurityWeek reports: "Google Patches Critical Chrome Vulnerability"

Submitted by Adam Ekwall on