Chrome 149 Update Resolves 18 Severe Vulnerabilities

Google on Wednesday rolled out a new Chrome 149 update that resolves 18 vulnerabilities, including four critical and 14 high-severity security defects.

More than half of the addressed issues, including three critical and seven high-severity, are use-after-free flaws, a type of memory corruption bug that could lead to remote code execution (RCE).

In Chrome, use-after-free vulnerabilities can be combined with security holes in the underlying operating system or in a privileged browser process to escape the sandbox.

The remaining eight issues patched in this update are out-of-bounds read, inappropriate implementation, uninitialized use, and insufficient validation of untrusted input bugs.

Per Google’s advisory, the most severe of the flaws was reported by an anonymous researcher. The company has yet to disclose the bug bounty amount to be rewarded for the report.

The remaining 17 security defects were discovered by Google, a trend that has been ongoing for the past couple of months, likely fueled by the use of AI.

Also notable is the fact that, following a spike in new vulnerability discoveries in April and May, which culminated in a massive batch of 429 patches in early June, the number of fresh security weaknesses addressed with each new Chrome release has dropped into the lower two digits.

Google makes no mention of any of the newly resolved vulnerabilities being exploited in the wild.

The latest Chrome iteration is now rolling out as versions 149.0.7827.196/197 for Windows and macOS and as version 149.0.7827.196 for Linux.

https://www.securityweek.com/chrome-149-update-resolves-18-severe-vulnerabilities/