Chrome 125 Update Resolves High-Severities Bugs Reported by External Researchers

Google has announced the release of Chrome 125, a significant update addressing several vulnerabilities, including four high-severity bugs reported by external researchers. This latest update, crucial for maintaining the security of users’ browsing experiences, underscores Google’s ongoing commitment to patching and improving its browser’s defenses.

One of the critical issues addressed in Chrome 125 is tracked as CVE-2024–5157. This vulnerability, identified as a use-after-free flaw in Scheduling, was reported by Looben Yang approximately a month ago. In recognition of this discovery, Yang received an $11,000 bug bounty reward from Google. Use-after-free vulnerabilities have long been a concern for Chrome’s security team, as they pose significant risks, potentially leading to sandbox escapes if exploited by attackers targeting underlying operating system vulnerabilities or privileged Chrome processes.

In addition to CVE-2024–5157, Google also patched CVE-2024–5158, a type confusion bug in the V8 JavaScript engine. Zhenghang Xiao, who reported this security defect in early May, was awarded a $10,000 bug bounty reward by Google. The update further addresses two heap buffer overflow issues: one affecting the ANGLE graphics layer engine (CVE-2024–5159) and another found in Dawn, Chrome’s implementation of the WebGPU standard (CVE-2024–5160). While Google has disclosed a $5,000 bug bounty reward for the ANGLE flaw, the amount awarded for the Dawn issue remains undisclosed.

The latest Chrome release, version 125.0.6422.76 for Linux and versions 125.0.6422.76/.77 for Windows and macOS, is now rolling out to users. While Google has not reported any of these vulnerabilities being exploited in the wild, users are strongly advised to update their browsers promptly to mitigate potential risks.

Notably, Chrome 125’s rollout follows closely on the heels of its promotion to the stable channel on May 15. This version was released with patches for the seventh zero-day documented in the browser this year, marking the third Chrome zero-day to be resolved within a week. These rapid responses to emerging threats highlight Google’s proactive approach to addressing security concerns and safeguarding its users’ online experiences.

In conclusion, the Chrome 125 update represents a significant step forward in enhancing browser security. By promptly addressing reported vulnerabilities and rewarding external researchers for their contributions, Google continues to demonstrate its commitment to maintaining a secure browsing environment for millions of users worldwide.

Share your thoughts

For more and related subscribe eL Njas!™