Google Patches Critical Chrome Vulnerability Reported by Apple
-
Google has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox.
Google and Mozilla on Tuesday announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.
Google has announced the release of Chrome 130, which patches two vulnerabilities.
One of them, tracked as CVE-2024-10487, has been described as a critical out-of-bounds write issue in Dawn, the cross-platform implementation of the WebGPU standard.
The issue was reported to Google by Apple’s Security Engineering and Architecture (SEAR) team just one week ago. Different implementations of the WebGPU graphics API are used in Firefox and Safari as well, but it’s unclear if these browsers are also impacted by CVE-2024-10487.
While there is no information on what CVE-2024-10487 can be exploited for, in general, exploitation of out-of-bounds write issues can lead to arbitrary code execution. Google has not mentioned anything about in-the-wild exploitation.
The second vulnerability patched with the release of Chrome 130 is CVE-2024-10488, a high-severity use-after-free in WebRTC.
Google has yet to determine the bug bounties that it will pay out for these vulnerabilities.
Mozilla on Tuesday released Firefox 132 and Thunderbird 132. The latest versions of the browser and email client patch the same 11 vulnerabilities, including two high-severity issues.
See full article at:
https://www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/