Google has identified two high-severity vulnerabilities in its Chrome web browser, specifically CVE-2024-12381 and CVE-2024-12382, prompting an urgent call for users to update their browsers. Discovered through external research, these vulnerabilities could allow attackers to exploit users’ systems. The vulnerabilities have been confirmed by the Google Chrome team in a posting dated December 10, 2024.
Google identifies severe vulnerabilities in Chrome, urges updates
CVE-2024-12381 is classified as a type confusion vulnerability within the V8 JavaScript engine, potentially enabling attackers to execute arbitrary code on compromised systems. CVE-2024-12382 is a use-after-free vulnerability tied to the Translate function in Chrome, which may also allow unauthorized control over affected systems. Both vulnerabilities have been addressed in the latest Chrome stable channel update.
The recent update is available for all versions of Chrome, including Windows, Mac, Linux, and Android. The patched versions include Chrome 131.0.6778.139/.140 for Windows, Chrome 131.0.6778.139/.140 for Mac, Chrome 131.0.6778.139 for Linux, and Chrome 131.0.6778.135 for Android. Updates will be gradually rolled out in the coming days and weeks; however, users are strongly encouraged to perform the update immediately for enhanced security.
To manually initiate the update process, users should go to the Help menu and select the “About Google Chrome” option. The browser will automatically search for the latest version and download it. Once the download is complete, users must click the “Relaunch” button to activate the new protections.
Urgency of the security risks
The notion of urgency surrounding these vulnerabilities is compounded by the recent confirmation of a critical new Windows zero-day vulnerability reported by Microsoft. The dual presence of these security risks highlights an ongoing trend of increasing cyber threats effectively targeting well-known applications and systems. The seriousness of CVE-2024-12381 and CVE-2024-12382 cannot be overstated. Given the potential ramifications, it is crucial for users to prioritize the update to mitigate the risk of exploitation by attackers.
Security experts have warned that type confusion vulnerabilities can lead to code execution, while use-after-free vulnerabilities may expose programs to crashes or even remote control by malicious actors. With cyber threats evolving, maintaining updated software is a necessary first line of defense for users.
Users should remain informed and proactive regarding cybersecurity practices. Updates not only protect individual users but also contribute to the overall integrity of the internet’s infrastructure, reducing potential risks related to zero-day vulnerabilities.
Featured image credit: Nathana Rebouças/Unsplash
