New Chrome versions 120.0.6099.224/225 for Windows and other platforms available

Google has released an emergency update for Chrome 120 to fix a vulnerability that is already being exploited for attacks.

With the updates to the new Chrome versions 120.0.6099.224/225 for Windows as well as 120.0.6099.234 for macOS and 120.0.6099.224 for Linux released January 16, Google is eliminating four vulnerabilities in its browser, including a 0-day vulnerability. This is apparently already being exploited for attacks. Chrome for Android is also affected.

The Chrome Releases Blog lists the three security vulnerabilities that were discovered by external security researchers and reported to Google. Google classifies all three as high risk.

All three vulnerabilities affect the Javascript engine V8. The CVE-2024-0519 vulnerability is an out of bounds memory access. The vulnerability can be used to inject and execute code - and this is apparently already happening. The vulnerability was reported to Google just a few days ago. The vulnerability CVE-2024-0517 is only slightly older and of a similar nature (out of bounds write).

Chrome usually updates itself automatically when a new version is available. You can trigger the update check manually using the menu entry Help via Google Chrome. Google also released Chrome for Android 120.0.6099.230. The security vulnerabilities mentioned above have been eliminated. It remains unclear whether there are also attacks on Android users.