Two security updates released over the past week for the Chrome browser resolve eight vulnerabilities, including six high-severity bugs reported by external researchers.
Last week, Google announced a Chrome 128 update that rolled out with patches for four externally reported high-severity memory safety flaws.
Three of the security defects, the internet giant revealed in an advisory, affect the browser’s V8 JavaScript engine. They include two type confusion issues and a heap buffer overflow.
The fourth vulnerability resolved last week is a heap buffer overflow in Skia, the open source 2D graphics library that Chrome, Firefox, and other browsers use as their graphics engine.
All four security defects were resolved in Chrome versions 128.0.6613.113/.114 for Windows and macOS and version 128.0.6613.113 for Linux. Google said it had yet to determine the bug bounty rewards to be handed out for these four issues.
On Monday, the internet giant announced the release of another Chrome 128 update, with patches for four vulnerabilities, including two reported by external researchers.
The externally reported bugs include a use-after-free in WebAudio, for which Google paid out a $7,000 reward, and an out-of-bounds write in the V8 engine, for which the reward has yet to be determined.
Chrome versions 128.0.6613.119/.120 for Windows and macOS and version 128.0.6613.119 for Linux are rolling out with patches for all security issues.
Google makes no mention of any of these vulnerabilities being exploited in the wild. However, the internet giant’s fast release pace suggests that updating the browser as soon as possible is recommended.
Related: Google Now Offering Up to $250,000 for Chrome Vulnerabilities
Related: Google Warns of Exploited Chrome Vulnerability
Related: Google Patches Sixth Exploited Chrome Zero-Day of 2024
Related: Chrome, Firefox Updates Patch Serious Vulnerabilities
