Google closes 17 security holes in Chrome with the weekly browser update. Based on the severity, it can be deduced that attackers can use manipulated websites to inject and execute their own code. Eleven of the gaps were reported by external IT researchers, so there are only indications of them.

The Chrome Releases Blog lists three high-risk vulnerabilities, six medium-risk vulnerabilities, and two low-risk vulnerabilities. There is currently no information about the remaining six vulnerabilities found internally.

Three high-risk vulnerabilities

A use-after-free gap has been closed in WebAudio. In the case of gaps of this type, resources that have already been released and are therefore in an undefined state are incorrectly accessed again by the program code. This often makes it possible to execute injected malicious code (CVE-2024-0807, no CVSS value, risk high). The new version also corrects an inappropriate implementation in the accessibility component (CVE-2024-0812, no CVSS, risk high). An error in integer calculations can lead to an underflow in the WebUI (CVE-2024-0808, no CVSS, risk high).

The current versions that no longer contain the errors are Chrome for Android 121.0.6167.101, for Linux and macOS 121.0.6167.85 and 121.0.6167.85/.86 for Windows.

The extended stable version has also received an update, but remains in the 120 development branch. The current version is 120.0.6099.268 for macOS and Windows.

To ensure that the browser is already running in the latest version, just click on the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help - About Google Chrome.

The version dialog shows the currently running version of the browser and starts the update process if available. At the end, the dialog prompts you to restart the web browser.