New Google Chrome Security Update Warning—What You Need To Know

New Google Chrome Security Update Warning—What You Need To Know

New Google Chrome Security Update Warning—What You Need To Know

Author: Davey Winder, Senior Contributor
Published on: 2024-12-20 09:59:59
Source: Forbes – Innovation

Disclaimer:All rights are owned by the respective creators. No copyright infringement is intended.


Update, Dec. 20, 2024: This story, originally published Dec. 19, now includes further advice on update action for organizations running any Chrome or Chromium-powered browsers.

Hot on the heels of an emergency update to Google’s Chrome web browser comes yet another security update for billions of users across multiple operating system platforms. This time, the update urgency remains the same, but the number of vulnerabilities does not: four high-rated vulnerabilities have been confirmed by Google; here’s what you need to know and do.

ForbesNew Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming

Urgent Google Chrome Security Update For All Users Confirmed—What You Need To Know

Google has confirmed that the Chrome web browser is being updated again, an update that will roll out in the coming days and weeks. The reason? A total of four high-rated security vulnerabilities which between them have earned the security researchers who discovered them a whopping $75,000 in hacker bounties.

The four vulnerabilities that Google has confirmed are:

  • CVE-2024-12692: A type confusion vulnerability in the Chrome V8 Javascript rendering engine.
  • CVE-2024-12693: An out-of-bounds memory access vulnerability in the Chrome V8 Javascript rendering engine.
  • CVE-2024-12694: A use-after-free vulnerability in the Chrome browser compositing function.
  • CVE-2024-12695: An out-of-bounds write vulnerability in the Chrome V8 Javascript rendering engine.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Prudhvikumar Bommana from the Google Chrome security team said, “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”

How To Securely Update Google ChromeTo Ensure Protection From The Latest Vulnerabilities

Chrome has been updated to the following versions:

  • 131.0.6778.204/.205 for Windows and Mac
  • 131.0.6778.204 for Linux
  • 131.0.6778.200 for Android

The more than 3 billion users of Google Chrome who are potentially impacted by these security vulnerabilities need to make sure that they are protected as soon as possible. If you are in that number, and the chances are high that you are, then you need to kickstart the updating process and then activate the updated browser itself to enable the protection to be in place. Google does automatically update the Chrome browser, but this relies on users restarting the client, which lots of people with lots of open tabs don’t like doing. So, please follow these steps now:

Head for the Help|About option in your Google Chrome menu to kickstart an automatic security update download.

Restart your Google Chrome browser after the update has been installed, or it will not activate, and you will still be vulnerable to attack.

Repeat step one to ensure that the Google Chrome update is installed and activated, and that you are now fully protected against these latest security threats.

ForbesGmail Account Deletion Warning—Act Now To Save Your Email In 2025

Chrome Patch Management Advice For Organizations

In light of the latest Google Chrome web browser security update addressing a number of serious, high-severity memory vulnerabilities, Alex Vovk, CEO and co-founder of Action1, an endpoint and patch management company, has offered the following advice for organizations that are impacted:

  • Ensure that all organizational systems that use the Google Chrome web browser are updated to the latest version—this can be done using remote management tools.
  • Configure your browser settings through group policy or management tools to enable automatic updates for Chrome on all user endpoints as the norm.
  • Deploy advanced endpoint protection solutions that can detect and prevent browser vulnerabilities from being exploited, such as behavioral detection and intrusion prevention systems.
  • Conduct regular security assessments and penetration tests that include browser-based vulnerabilities in their scope.

“Communicate with employees about the importance of keeping software up to date,” including the likes of Google Chrome and other web browser clients using the Chromium engine, Vovk said, “and provide guidance on how to recognize update prompts and initiate manual updates when necessary.”

ForbesElon Musk Xmail Teaser Poses New Threat For Billions Of Gmail Users


Disclaimer: All rights are owned by the respective creators. No copyright infringement is intended.

Leave a Reply

Your email address will not be published. Required fields are marked *

Secured By miniOrange