{"id":25397,"date":"2024-10-30T08:10:06","date_gmt":"2024-10-30T16:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/10\/30\/news-19127\/"},"modified":"2024-10-30T08:10:06","modified_gmt":"2024-10-30T16:10:06","slug":"news-19127","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/10\/30\/news-19127\/","title":{"rendered":"Patch now! New Chrome update for two critical vulnerabilities"},"content":{"rendered":"\n<p>Google has\u00a0<a href=\"https:\/\/chromereleases.googleblog.com\/2024\/10\/stable-channel-update-for-desktop_29.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">released<\/a>\u00a0an update for its Chrome browser which includes patches for two critical vulnerabilities.<\/p>\n<p>The update brings the Stable channel to versions 130.0.6723.91\/.92 for Windows and Mac and 130.0.6723.91 for Linux.<\/p>\n<p>The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong\u2014such as an extension stopping you from updating the browser.<\/p>\n<p>To manually get the update, click&nbsp;<strong>Settings &gt; About Chrome<\/strong>. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"694\" height=\"508\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Chrome_up_to_date.png\" alt=\"Chrome is up to date at version 130.0.6723.92\" class=\"wp-image-119822\" \/><figcaption class=\"wp-element-caption\">Chrome is up to date<\/figcaption><\/figure>\n<p>This update is crucial as it addresses two major security vulnerabilities. Previous Chrome vulnerabilities reported by Apple <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/09\/update-chrome-now-google-patches-critical-vulnerability-which-is-exploited-in-the-wild\">turned out<\/a> to be exploited by a commercial spyware vendor.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details\">Technical details<\/h2>\n<p>One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-10487\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-10487<\/a>, can be used by cybercriminals as a drive-by download. That means that a victim\u2019s device could be compromised just by visiting a malicious website or advertisement.<\/p>\n<p>The vulnerability was found in Dawn, an open source and cross-platform implementation of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/WebGPU\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">WebGPU<\/a>-standard. WebGPU is a JavaScript Application Programming Interface (API) provided by a web browser that enables webpage scripts to use a device&#8217;s graphics processing unit (GPU).<\/p>\n<p>In this case, the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes.<\/p>\n<p>The other vulnerability, tracked as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-10488\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-10488<\/a>, was reported by <a href=\"https:\/\/x.com\/cassidy6564\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">researcher Cassidy Kim<\/a>. That vulnerability in Chrome\u2019s WebRTC (Web Real-Time Communication) component could lead to the execution of arbitrary code or cause a crash. It could be used for potential data theft or system crashes.<\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><strong>We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/patch-now-new-chrome-update-for-two-critical-vulnerabilities\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,10699,32087,32],"class_list":["post-25397","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-chrome","tag-cve-2024-10487","tag-news"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25397"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25397\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}