Last week, Google released the Chrome 128 browser, which, among other things, fixed a zero-day vulnerability. Today the company released an update for Chrome 128 that fixes four security issues. Reportedly, none of these vulnerabilities have been exploited in the real world yet. Other Chromium-based browsers will likely soon follow Google’s lead and release updates as well.
In the Chrome Releases blog, a Google spokesperson listed four vulnerabilities that have been fixed. They were discovered by third party researchers who reported them to Google. All four vulnerabilities are classified by the company as “high risk.” One of them, related to “type confusion” in the JavaScript V8 engine, was included in the report twice this week (CVE-2024-7969, CVE-2024-8194). The other two vulnerabilities are also related. They are related to a buffer overflow in the open source 2D graphics library Skia (CVE-2024-8193, CVE-2024-8198).
Chrome обычно обновляется автоматически при запуске и появлении новой версии, однако если ваш браузер ещё не обновился, вы можете запустить процесс обновления вручную. Для этого нужно открыть пункт меню «Параметры» —> «Справка» —> «About Google Chrome”, wait for the update to download, and then restart the browser.
At the time of writing, other Chromium-based browsers have not released updates. Brave and Microsoft Edge have already moved to Chromium 128, but without subsequent updates. Opera version 113 just moved to Chromium 127, Vivaldi version 6.8 still uses the extended stable channel of Chromium version 126, and Vivaldi 6.9 is based on the latest version of Chromium 128. All four browsers are protected from the CVE-2024-7971 zero-day vulnerability reported was reported last week.