Google Chrome: security update fixes 38 issues, including one that is actively exploited
Google released security updates for Google Chrome on various platforms today. The update fixes a total of 38 unique security issues in the web browser. To make matters worse, one patches a 0-day exploit that is already used in attacks.
Chrome users are encouraged to update the browser as soon as possible on their devices.
Note: most security issues affect other Chromium-based browsers as well. If those are installed, use the built-in update checks to install the update as well. It may take a few days before the updates are released.
Chrome desktop users may select Menu > Help > About Chrome to display the installed version and run a check for updates. The browser should pick up the update then and install it automatically. A restart is required.
Tip: you may also load chrome://settings/help directly in the browser's address bar to get to the page.
The patched versions of Chrome are:
- Chrome for Windows: 128.0.6613.84 or 128.0.6613.85
- Chrome for Mac: 128.0.6613.84 or 128.0.6613.85
- Chrome for Linux: 128.0.6613.84
- Chrome for Android: 128.0.6613.88
- Chrome for iOS: 128.0.6613.92
Did you know that you can stop automatic Chrome updates on Windows?
The security issues
The official release notes are posted on the Chrome Releases blog.
The details:
- The update fixes 38 security issues in Chrome.
- 7 of the publicly reported issues are rated high, the second highest rating after critical.
- The issue that is exploited in the wild is CVE-2024-7971. It was reported by Microsoft.
Google confirms the use in the wild in the post: "Google is aware that an exploit for CVE-2024-7971 exists in the wild.".
The exploited issue is described as Type Confusion in V8. V8 is the JavaScript engine of the Chrome browser and Chromium browsers.
Google does not reveal anything else about the issue. It is unclear how widespread the attacks are of how they happen. The security issue is the ninth 0-day in Chrome in 2024.
The remaining security issues rated high fix an assortment of issues. They address issues in Passwords, V8, Skia, Fonts, or Autofill.
Do you install browser updates as soon as they are released? Or do you prefer to wait some time before installing them? Feel free to let us know in the comments below.