Google has released an update to its Mac Chrome browser that includes four security fixes. Three of the vulnerabilities were reported by third-party researchers, while the fourth was discovered by Google internally.
Google recommends updating the browser to version 120.0.6099.234. To check the Chrome version, launch Chrome and go to Chromium
All three reported vulnerabilities are recorded in the National Vulnerability Database. Here is a list of descriptions provided by the NVD:
- CVE-2024-0517: Out-of-bounds writing in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0518: Type confusion in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2024-0519: Out-of-bounds memory access in Google Chrome V8 prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Google says it is aware that CVE-2024-0519 has been exploited in the wild. The Chrome Releases blog notes that the update also includes “Various fixes from internal audits, fuzzing, and other initiatives,” tracked as issue 1518006 by Google.