With this Chrome update, Google developers have fixed two security vulnerabilities in the web browser. They classify one of them as a critical risk. Users should therefore ensure that they are using the secure versions before continuing to surf.

In the according blog post, Google programmers explain that the update from the night of Wednesday fixes two vulnerabilities. One of them is potential write access outside of the intended limits in the Dawn component of Chrome (CVE-2024-10487, no CVSS value, risk critical according to Google). Dawn is the implementation of the WebGPU standard in Chrome. Write access to memory areas not intended for this often allows attackers to inject and execute malicious code. Displaying a manipulated website seems to be sufficient for this and provoking the hole is not difficult, which is what the risk classification suggests.

Google Chrome with high-risk gap

The programmers have also sealed a use-after-free gap in the WebRTC implementation. This allows attackers to access resources that have already been released, the contents of which are therefore not defined, which can also often be abused to execute injected code (CVE-2024-10488, no CVSS value, risk high according to Google). WebRTC includes protocols and program interfaces for real-time communication.

Google has fixed the security vilnerabilities in Chrome for Android 130.0.6723.86, for iOS 130.0.6723.90, for Linux in version 130.0.6723.91 and with version 130.0.6723.91/.92 for macOS and Windows. The Extended Stable version is now also secured in version 130.0.6723.92 for macOS and Windows. Google often uses regular updates to seal security holes that reach a maximum severity level of high; vulnerabilities classified as critical threats or already exploited in the wild are comparatively rare - the last time this happened was at the end of August. Anyone who uses Chrome should therefore make sure to use the new versions.

Check your browser version

On Windows and macOS, all you need to do is open the version dialog by clicking on the icon with the three stacked dots to the right of the address bar, then click on Help and then About Google Chrome.

There, the web browser shows the current active status of the software running. If updates are available, it installs them and prompts you to restart the browser. Under Linux, this is usually the responsibility of the software management of the distribution used. Under Android and iOS, updates can be found in the respective app stores. However, not every smartphone model is offered the update immediately; this can take up to a few days, especially with older models.