Google Chrome browser (127.0.6533.72/73) security update advisory

Overview

 

Google has released an update to address a vulnerability in the Chrome(https://www.google.com/chrome) browser. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

Chrome version prior to 127.0.6533.72 (Linux)

Chrome version prior to 127.0.6533.72/73 (Windows)

 

Resolved Vulnerabilities

 

High-level out-of-bounds memory access vulnerability in the Angle feature (CVE-2024-6992 and 1 other) [1]

High security unvalidated vulnerability in the Canvas function (CVE-2024-6993 and 1 other) [1]

Moderate Memory Free and Reuse (UAF) Vulnerability in Css Functionality (CVE-2024-7000 and 1 other) [1]

High-level memory free and reuse (UAF) vulnerability in the Dawn function (CVE-2024-6991 and 1 other) [1]

High level memory free and reuse (UAF) vulnerability in Downloads function (CVE-2024-6988 and 1 other) [1]

Moderate security unvalidated vulnerability in the Fedcm function (CVE-2024-6999 and 1 other) [1]

Low security untested vulnerability in Fedcm functionality (CVE-2024-7003 and 1 other) [1]

Moderate Race Condition Vulnerability in Frames Functionality (CVE-2024-6996 and 1 other) [1

Moderate Security Unvalidated Vulnerability in Fullscreen Functionality (CVE-2024-6995 and 1 other) [1]

Moderate untested security vulnerability in the Html function (CVE-2024-7001 and 1 other) [1]

Moderate Heap Buffer Overflow Vulnerability in the Layout Function (CVE-2024-6994 and 1 other) [1]

High level memory free and reuse (UAF) vulnerability in the Loader function (CVE-2024-6989 and 1 other) [1]

Low-level lack of validation of untrusted input vulnerability in the Safe browsing function (CVE-2024-7004 and 3 others) [1]

Moderate Memory Free and Reuse (UAF) vulnerability in the Tabs feature (CVE-2024-6997 and 1 other) [1]

Moderate Memory Free and Reuse (UAF) vulnerability in the User education function (CVE-2024-6998 and 1 other) [1]

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the 07/23/2024 update. For more information on Vulnerability Patches, please refer to the “Google Chrome” Referenced Sites document.

Chrome 127.0.6533.72/73 and later (Windows)

Chrome 127.0.6533.72 and later (Linux)

 

Referenced Sites

 

[1] Stable Channel Update for Desktop

https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html

[2] Chrome Update

https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop

Article Link: Google Chrome browser (127.0.6533.72/73) security update advisory – ASEC