Google's developers have released the Chrome web browser in development branch 122. Essentially, they close twelve security gaps that could endanger browser users.

Of the twelve vulnerabilities, the programmers classify at least two as high risk, five as medium risk and one as low risk. The four vulnerabilities not mentioned were apparently discovered internally by the developers, so they are not disclosing any information about them at the moment.

Two high-risk security vulnerabilities

In the Blink browser engine, attackers can provoke memory accesses outside the intended limits - with a little skill, such vulnerabilities can often be abused to execute smuggled code (CVE-2024-1669, no CVSS, Google risk rating high risk). In the Mojo component for interprocess communication, malicious actors can attack through a use-after-free vulnerability, in which pointers or memory areas have already been released, but the program code then incorrectly accesses them again (CVE-2024-1670, no CVSS, high risk). The gaps can most likely be exploited by processing carefully crafted websites. ​ The errors correct the versions Google Chrome 122.0.6261.64 for Android, 122.0.6261.62 for iOS, 122.0.6261.57 for macOS and Linux and 122.0.6261.57/.58 for Windows. The extended stable releases also have a new version, where 122.0.6261.57 is now current for macOS and Windows.

To ensure that the browser is already running in the latest version, just click on the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help - About Google Chrome.

The version dialog shows the currently running version of the browser and starts the update process if available. At the end, the dialog prompts you to restart the web browser.