Google has recently updated Chrome to version 128 to address a zero-day vulnerability, and a follow-up update has now patched four additional high-risk security flaws. Although these vulnerabilities have not been exploited in the wild, they were identified and reported by external researchers. The Chrome Releases blog details that these issues include two separate type confusion vulnerabilities in the V8 JavaScript engine (CVE-2024-7969 and CVE-2024-8194) and two buffer overflow vulnerabilities in the Skia graphics library (CVE-2024-8193 and CVE-2024-8198).
For those using Chrome, updates are typically applied automatically, but users should check manually if their browser hasn’t yet been updated. This can be done through the three-dot menu under Help > About Google Chrome.
As for other Chromium-based browsers, Brave and Microsoft Edge have adopted Chromium 128 but are on the previous week’s security patch level. Opera version 113 has recently moved to Chromium 127, Vivaldi version 6.8 remains on Chromium 126, while version 6.9 has been updated to Chromium 128. All browsers are protected against the CVE-2024-7971 zero-day vulnerability that was disclosed last week.