Google Chrome Browser (128.0.6613.84) Security Update Advisory

Overview

 

Google has released an update to address a vulnerability in the Chrome(https://www.google.com/chrome) browser. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

Chrome version prior to 128.0.6613.84 (Linux)

Chrome version prior to 128.0.6613.84/.85 (Windows, Mac)

 

Resolved Vulnerabilities

 

High-level memory free-and-reuse (UAF) vulnerability in the Autofill feature (CVE-2024-7968) [1]

Low-level security unvalidated vulnerability in the Custom tabs feature (CVE-2024-8034) [1]

Moderate Policy Enforcement Lack in the Data transfer feature (CVE-2024-7978) [1]

Low-level security unvalidated vulnerability in the Extensions function (CVE-2024-8035) [1]

Moderate Security Unvalidated Vulnerability in the Fedcm Function (CVE-2024-7976) [1]

High-level heap buffer overflow vulnerability in the Fonts function (CVE-2024-7967) [1]

Moderate Data Validation Insufficiency Vulnerability in the Installer Function (CVE-2024-7977) [1]

High-level memory free and reuse (UAF) vulnerability in the Passwords function (CVE-2024-7964) [1]

Moderate heap buffer overflow vulnerability in the Pdfium feature (CVE-2024-7973) [1]

Moderate security validation gap vulnerability in the Permissions feature (CVE-2024-7975) [1]

High-level out-of-bounds memory access vulnerability in the Skia feature (CVE-2024-7966) [1]

High-level security unvalidated vulnerability in V8 functionality (CVE-2024-7965) [1]

High-level Type Confusion Vulnerability in V8 Functionality (CVE-2024-7969) [1

High Level Type Confusion Vulnerability in V8 Functionality (CVE-2024-7971) [1

Moderate Security Validation Gap Vulnerability in V8 Functionality (CVE-2024-7972) [1]

Moderate Data Validation Lack in V8 API Functionality (CVE-2024-7974) [1]

Low-level security validation gap vulnerability in the Views function (CVE-2024-7981) [1]

Low-level security unvalidated vulnerability in the Webapp installs function (CVE-2024-8033) [1]

*CVE-2024-7971 is likely exploitable and requires attention.

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the August 21, 2024 update. For more information on Vulnerability Patches, please refer to the “Google Chrome” Referenced Sites documentation.

Chrome 128.0.6613.84 and later (Linux)

Chrome 128.0.6613.84/.85 and later (Windows, Mac)

 

Referenced Sites

 

[1] Stable Channel Update for Desktop

https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

[2] Chrome Update

https://support.google.com/chrome/answer/95414?co=GENIE.Platform%3DDesktop

Article Link: Google Chrome Browser (128.0.6613.84) Security Update Advisory – ASEC