Google has released an update to its Mac Chrome browser that includes four security fixes. Three of the vulnerabilities were reported by third-party researchers, while the fourth was discovered by Google internally.
Google recommends updating the browser to version 120.0.6099.234. To check Chrome’s version, launch Chrome and go to Chrome > Settings, and click About Chrome in the left column. In the main About Chrome window, the version number appears. If an update is available, you need to click the Relaunch button, which will quit the app, install the update, and re-open it.
The three reported vulnerabilities are recorded in the National Vulnerability Database. Here’s a list with descriptions provided by the NVD:
- CVE-2024-0517: Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0518: Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0519: Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google notes that it is aware of CVE-2024-0519 having been exploited in the wild. The Chrome Releases blog notes that the update also includes “Various fixes from internal audits, fuzzing, and other initiatives,” tracked as Issue 1518006 by Google.
Source : Macworld