Google has released an update to its Mac Chrome browser that includes four security fixes. Three of the vulnerabilities were reported by third-party researchers, while the fourth was discovered by Google internally.
Google recommends updating the browser to version 120.0.6099.234. To check the Chrome version, launch Chrome and go to Chromium > Settings, and click About Chrome in the left column. In the main About Chrome window, the version number appears. If an update is available, you must click on the RELAUNCH button, which will exit the application, install the update and reopen it.
All three reported vulnerabilities are recorded in the National Vulnerability Database. Here is a list of descriptions provided by the NVD:
- CVE-2024-0517: Out-of-bounds writing in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0518: Type confusion in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0519: Out-of-bounds memory access in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google says it is aware that CVE-2024-0519 has been exploited in the wild. The Chrome Releases blog notes that the update also includes “Various fixes from internal audits, fuzzing, and other initiatives,” tracked as issue 1518006 by Google.
