Chrome 121.0.6167.139/140 for Windows, as well as updates for Android and iOS, now available
The update fixes four security vulnerabilities that could allow malicious code to be injected.
Google has fixed four security vulnerabilities with this weekly Chrome update. These vulnerabilities could allow malicious code to be injected.
Based on the risk assessment and the type of vulnerabilities, it can be concluded that attackers could inject and execute malicious code using manipulated websites.
The Chrome Releases Blog lists three of the vulnerabilities as reported by external IT researchers. The manufacturer provides only limited information about them. All three are classified as high risk.
These security vulnerabilities are all of the use-after-free type: the program code uses resources such as pointers or memory that have already been released and therefore have undefined content. Malicious actors can often abuse such vulnerabilities to inject and ultimately execute their own code. The affected browser components are Canvas (CVE-2024-1060, no CVSS score, risk high), WebRTC (CVE-2024-1059, no CVSS score, risk high) and Network (CVE-2024-1077, no CVSS score, risk high).
After the update, the fixed versions of Google Chrome carry the version numbers 121.0.6167.143 for Android, 121.0.6167.138 for iOS, 121.0.6167.139 for Linux and macOS, and 121.0.6167.139/140 for Windows. The extended stable version is now available at version 120.0.6099.276 for Mac and Windows.
To check whether the browser is already running the latest version, open the settings menu, which can be found to the right of the address bar under the icon with the three stacked dots, and then click Help > About Google Chrome.
The version dialog shows the currently running version of the browser and starts the update process if an update is available. At the end, the dialog prompts you to restart the web browser.
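For more than a handful of machines, the same check can be run against a version inventory. This is an added example, not code from Google or from the original article: the fixed build numbers are the ones listed above, while the function names, the sample inventory and the rule that any newer milestone counts as patched are assumptions.

```python
FIXED_BUILDS = {  # fixed builds from the article: stable first, then extended stable
    "windows": ["121.0.6167.139", "120.0.6099.276"],
    "macos":   ["121.0.6167.139", "120.0.6099.276"],
    "linux":   ["121.0.6167.139"],
    "android": ["121.0.6167.143"],
    "ios":     ["121.0.6167.138"],
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(platform, version):
    """True if `version` on `platform` is at or above the fixed build of its milestone."""
    baselines = [parse_version(v) for v in FIXED_BUILDS[platform.lower()]]
    current = parse_version(version)
    # Assumption: a milestone newer than every listed one already contains the fixes.
    if current[0] > max(b[0] for b in baselines):
        return True
    # Same-milestone comparison keeps extended stable 120.x separate from 121.x.
    return any(current[0] == b[0] and current >= b for b in baselines)

def audit(inventory):
    """Return the hosts from (host, platform, version) rows that still need the update."""
    outdated = []
    for host, platform, version in inventory:
        try:
            ok = is_patched(platform, version)
        except (KeyError, ValueError):
            ok = False  # unknown platform or unparsable version: flag for review
        if not ok:
            outdated.append(host)
    return outdated

# Constructed sample inventory (hostnames and reported versions are made up).
SAMPLE = [
    ("ws-01", "windows", "121.0.6167.140"),
    ("ws-02", "windows", "121.0.6167.86"),
    ("ws-03", "windows", "120.0.6099.276"),
    ("lx-01", "linux", "120.0.6099.276"),
    ("ph-01", "android", "121.0.6167.139"),
    ("mb-01", "macos", "122.0.0.0"),
    ("ws-04", "windows", "unknown"),
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note that `lx-01` is flagged even though its build number matches the extended stable release, because the article lists that channel for Mac and Windows only.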