Google has released updated versions of Chrome. They close six security vulnerabilities, several of which four are high risk.

Google developers have eliminated several security vulnerabilities in the Chrome web browser. The new versions, which were published on Wednesday of this week, contain a total of six vulnerabilities in the popular web browser. The developers rate the risk of four vulnerabilities as high. Two of them concern the Angle component, which can be used for rendering WebGL or OpenGL ES content. A vulnerability is of the use-after-free type, meaning that resources are accessed after they have been released, making them undefined and often allowing the execution of malicious code (CVE-2024-0222). In addition, a heap-based buffer overflow can occur in it, which, due to the risk classification, can probably also allow manipulated websites to inject malicious code (CVE-2024-0223).

Vulnerabilities with a high risk rating

Other browsers and frameworks also use the Angle software. However, it is currently unclear whether the errors also affect them. Two other high risk use-after-free vulnerabilities also affect the WebAudio and WebGPU modules (CVE-2024-0224, CVE-2024-0225).

The Google developers write in the Chrome Releases Blog that the new Chrome versions no longer have these gaps. They have also upgraded the extended stable versions to version 120.0.6099.199 for Mac and 120.0.6099.200 for Windows.

To ensure that the browser is already running in the latest version, just click on the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help - About Google Chrome.

The version dialog shows the currently running version of the browser and starts the update process if available. At the end, the dialog prompts you to restart the web browser.

Since the gaps most likely also affect other Chromium-based web browsers such as Microsoft Edge, users of these browsers should also check whether updates are available for them. The path usually looks similar to Chrome.