With the new Chrome versions 124.0.6367.78/79 for Windows and macOS and 124.0.6367.78 for Linux from April 23rd, Google is fixing four vulnerabilities in its browser. The update was already available on Tuesday evening, but Google only published information about it later today (European time). Accordingly, none of these gaps have yet been exploited for attacks. Manufacturers of other Chromium-based browsers have not yet followed suit, but will follow suit in the near future.
In the Chrome Release Blog, Daniel Yip lists three of the four security holes that were discovered by external security researchers and reported to Google. Google classifies one of these vulnerabilities (CVE-2024-4058) as critical. This is a type mix-up in the graphics interface Angle. The discoverer receives a reward of $16,000.
Two additional security vulnerabilities are identified as high risk. They concern the Javascript engine V8 and the WebGPU implementation Dawn. One or two holes could be used to inject and execute code. Google does not provide any information about the gap discovered internally.
▶The latest security updates
Chrome usually updates itself automatically when a new version is available. With the menu entry » Help » About Google Chrome (alternatively: » Settings » About Google Chrome) you can trigger the update check manually. Google also released Chrome for Android 124.0.6367.82 and Chrome for iOS 124.0.6367.88.
Other Chromium based browsers
The manufacturers of other Chromium-based browsers are now once again required to quickly follow suit with updates. So far, only Brave and Microsoft (Edge) have made the switch to Chromium 124. This means you are at the security level before this Chrome update. Google released Chrome 124 last week.
Vivaldi and Opera are still lagging behind and, despite different Chromium generations, are at about the same security level as two weeks ago. Vivaldi is still on Chromium 122 with the current version branch 6.6. However, the new version 6.7 based on Chromium 124 is already in the starting blocks. Opera One 109.0.5097.59 from April 23rd is based on Chromium 123. Opera 110 based on Chromium 124 is still in the best test stage.
Chromium-based browsers at a glance:
Browser | version | Chromium version | secured? |
---|---|---|---|
Google Chrome | 124.0.6367.79 | 124.0.6367.79 | 🟢 |
Brave | 1,65,114 | 124.0.6367.60 | 🟠 |
Microsoft Edge | 124.0.2478.51 | 124.0.6367.61 | 🟠 |
OperaOne | 109.0.5097.59 | 123.0.6312.124 | 🔴 |
Vivaldi | 6.6.3271.61 | 122.0.6261.158 | 🔴 |