With the latest security update for Chrome, Google has eliminated several security vulnerabilities in its browser that were identified as high risk.

Google has released updates to the new Chrome versions 128.0.6613.137/138 for Windows and macOS and 128.0.6613.137 for Linux. This fixes five new vulnerabilities in its browser, none of which appear to have been exploited for attacks so far. Manufacturers of other Chromium-based browsers should follow suit quickly.

The Chrome Release Blog lists four of the five security vulnerabilities that have been fixed and that were discovered by external security researchers and reported to Google. Google classifies all four vulnerabilities as high risk. These are use-after-free (UAF) vulnerabilities in the Autofill and Media Router components, as well as a buffer overflow in the 2D graphics library Skia. The type confusion in the Javascript engine V8 is also present again. As always, Google does not provide any information about the vulnerability that was found internally.

Chrome usually updates itself automatically when a new version is available. You can manually start the update check using the menu entry » Help » About Google Chrome (alternatively: » Settings » About Google Chrome).

Chromium-based browsers

The manufacturers of other Chromium-based browsers are now again required to follow up with updates as quickly as possible. Brave, Microsoft (Edge) and Vivaldi are at the security level of last week. Opera switched to Chromium 127 with Opera One 113 just three weeks ago. Opera 114 with Chromium 128 is still not in the beta test stage.