Chrome 127 Patches 24 Vulnerabilities

Google on Tuesday announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers.

Memory safety bugs once again were the predominant types of security defects addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones.

The browser update resolves five high-severity vulnerabilities, including three use-after-free flaws in Downloads, Loader, and Dawn, an out-of-bounds memory access in ANGLE, and an inappropriate implementation in Canvas.

Chrome 127 also patches eight medium-severity bugs, including a heap buffer overflow in Layout, use-after-free issues in Tabs, User Education, and CSS, inappropriate implementations in Fullscreen, FedCM, and HTML, and a race condition in Frames.

External researchers also reported three low-severity security defects, namely an inappropriate implementation in FedCM and two issues of insufficient validation of untrusted input in Safe Browsing.

As usual, access to vulnerability details is kept restricted until a majority of users have updated to the patched version of Chrome.

Google says it handed out over $55,000 in bug bounty rewards to the reporting researchers. However, the internet giant has yet to determine the amounts to be paid for six vulnerabilities, including three high-severity ones, meaning that the final amount could be much higher.

The company makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.

The latest Chrome release is now rolling out as versions 127.0.6533.72/73 for Windows and macOS and as version 127.0.6533.72 for Linux.
