Google Launches Critical Chrome Update to Address 29 Vulnerabilities
Google has officially rolled out a significant update for its Chrome browser, promoting version 146 to the stable channel for Windows, Mac, and Linux users. This update is crucial as it addresses 29 security vulnerabilities, including a critical heap buffer overflow in the WebML component.
Immediate Upgrade Recommended
Users are strongly advised to upgrade immediately to version 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac. The update was released on March 10, 2026, and includes important fixes to mitigate severe security threats.
Key Vulnerabilities Addressed
The most severe vulnerability addressed in this update is CVE-2026-3913, a critical heap buffer overflow located in the WebML component. This flaw, discovered by security researcher Tobias Wienand, earned a $33,000 bug bounty due to its high risk of enabling remote code execution (RCE).
High-Security Risks
Along with the critical flaw, the update resolves 11 high-severity vulnerabilities. Many of these involve ‘Use after free’ (UAF) and out-of-bounds memory access errors impacting various browser components, such as Web Speech, Agents, Extensions, TextEncoding, and MediaStream. Threat actors often target UAF flaws because they allow attackers to manipulate memory pointers and insert malicious payloads.
Mitigating Medium and Low-Security Risks
The update also mitigates 17 medium and low-severity bugs in areas like the V8 JavaScript engine, PDF viewer, and developer tools. These fixes help secure the browser against less severe but still important threats.
Steps to Secure Your Browser
To secure your browser against these severe threats, follow these immediate mitigation steps:
- Open Google Chrome and click the three-dot menu in the top right corner.
- Navigate to “Help” and select “About Google Chrome.”
- Allow the browser to automatically download version 146.0.7680.71 or 146.0.7680.72.
- Restart the browser to fully apply the security patches.
- Keep automatic updates enabled to ensure future security fixes are applied without delay.
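For administrators checking more than one machine, the GUI steps above do not scale; the script below is an added example (not from the article or from Google) that parses a Chrome or Chromium `--version` banner and compares it numerically against the 146.0.7680.71 floor named above. The sample banners are constructed.

```shell
#!/bin/sh
# Added example (not Google's code): check whether a Chrome/Chromium
# "--version" banner is at or above the build the article names as fixed.

# Minimum fixed build from the article; the .72 builds for Windows/Mac
# are newer than this floor, so one threshold covers all three platforms.
FIXED_VERSION="146.0.7680.71"

# Pull the x.y.z.w version out of a banner such as "Google Chrome 146.0.7680.71".
chrome_version_from_banner() {
    for tok in $(printf '%s\n' "$1" | sed 's/[^0-9.]/ /g'); do
        case "$tok" in
            .*|*.|*..*|*.*.*.*.*) continue ;;      # malformed or too many parts
            *.*.*.*) printf '%s\n' "$tok"; return 0 ;;
        esac
    done
    return 1                                     # no version found
}

# True (0) when $1 >= $2, comparing each dotted component as a number so
# that 146.0.7680.100 correctly ranks above 146.0.7680.71.
version_ge() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Print PATCHED/VULNERABLE for a banner; returns 0, 1, or 2 when unparseable.
chrome_patched() {
    v=$(chrome_version_from_banner "$1") || { echo "UNKNOWN: '$1'"; return 2; }
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED: $v >= $FIXED_VERSION"; return 0
    fi
    echo "VULNERABLE: $v < $FIXED_VERSION"; return 1
}

# Constructed sample banners (not captured from any real host). On a Linux
# endpoint you would feed in: chrome_patched "$(google-chrome --version)"
for banner in "Google Chrome 145.0.7600.100" "Google Chrome 146.0.7680.71" \
              "Chromium 146.0.7680.72 Arch Linux" "not a browser"; do
    chrome_patched "$banner" || :
done
```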
Critical and High-Security Vulnerabilities
The update addresses several critical and high-severity vulnerabilities, including:
- CVE-2026-3913: Critical heap buffer overflow in WebML
- CVE-2026-3914: High integer overflow in WebML
- CVE-2026-3915: High heap buffer overflow in WebML
- CVE-2026-3916: High out-of-bounds read in Web Speech
- CVE-2026-3917: High use after free in Agents
- CVE-2026-3918: High use after free in WebMCP
- CVE-2026-3919: High use after free in Extensions
- CVE-2026-3920: High out-of-bounds memory access in WebML
- CVE-2026-3921: High use after free in TextEncoding
- CVE-2026-3922: High use after free in MediaStream
- CVE-2026-3923: High use after free in WebMIDI
- CVE-2026-3924: High use after free in WindowDialog
These vulnerabilities, if left unpatched, could allow remote attackers to execute arbitrary code and fully compromise affected systems.
Original article: https://gbhackers.com/chrome-update-addresses-29-vulnerabilities/
