Second Security update for Chrome 127 available

A new Chrome update closes another critical browser vulnerability. With the second security update for Chrome 127, Google has eliminated several vulnerabilities in its browser. This includes a security vulnerability classified as critical.

With the new Chrome versions 127.0.6533.99/100 for Windows and macOS and 127.0.6533.99 for Linux, Google has fixed six vulnerabilities in its browser, one of which is classified as critical. According to Google, none of the vulnerabilities have been exploited for attacks so far. Manufacturers of other Chromium-based browsers should follow suit quickly.

The Chrome Release Blog lists six security vulnerabilities that were discovered by external security researchers and reported to Google. Google classifies one of these vulnerabilities as critical, the others as high risk. The critical vulnerability CVE-2024-7532 in the WebGL library Angle represents a cross-border (and therefore illegal) memory access. The almost obligatory type confusion in the Javascript engine V8 is also back (CVE-2024-7550).

Last week, Google released the first security update for Chrome 127. Chrome usually updates itself automatically when a new version is available. You can manually start the update check using the menu entry » Help » About Google Chrome. Google has also released Chrome 127.0.6533.103 for Android and Chrome for iOS 127.0.6533.107. The Android version fixes the same vulnerabilities as the desktop versions.

On August 7, Brave was the first and so far only manufacturer of Chromium-based browsers to respond and provide an update. Brave 1.68.137 is based on the same Chromium version as Chrome.