After a notable 24-day hiatus without updates, Google Chrome has rolled out its latest version, v126.0.6478.182/.183, patching eight high-risk security vulnerabilities.

Landian.news pointed out just yesterday that Google Chrome's lack of updates since June 24 was unusual. Typically, Chrome releases at least three security patches each month, with some months seeing as many as five to six updates.

Some users speculated that the Chrome team was on vacation, and thankfully, no severe issues had arisen, allowing the stable version of Chrome to remain unchanged.

Today, Google launches the stable update for Chrome v126.0.6478.182/.183, focusing on bug fixes including ten patches and addressing eight critical security flaws.

Landian.news has already saved the desktop version's offline installer files, available for download here: [July 17, 2024] Chrome v126.0.6478.182/.183 Official Offline Installer Package Download.

Vulnerabilities Addressed in This Update:

• CVE-2024-6773 ($7000): Identified a type confusion issue in V8. Type confusion can allow attackers to execute arbitrary code by confusing the object types due to improper memory object handling, reported by Salim Largo.
• CVE-2024-6774 ($6000): Revealed a Use After Free (UAF) vulnerability in screen capture. UAF occurs when the program attempts to use memory that has already been freed, potentially leading to crashes or arbitrary code execution, reported by the TIANGONG Team.
• CVE-2024-6775 ($5000): Involved a Use After Free vulnerability in media streams, reported anonymously. Similar to CVE-2024-6774, it's a memory safety issue.
• CVE-2024-6776 ($4000): Highlighted a Use After Free vulnerability in audio processing, also reported by TIANGONG Team’s lime and fmyy, indicating memory management issues in audio components.
• CVE-2024-6777 ($2500): Detailed a Use After Free vulnerability in navigation, reported by Sven Dysthe. It could affect browser-based navigation functionalities, like page transitions.
• CVE-2024-6778 (TBD): Discussed a race condition in DevTools. A race condition involves the behavior of a program depending on the timing of events or threads, leading to unpredictable outcomes, first reported by Allen Ding.
• CVE-2024-6779 (TBD): Uncovered an out-of-bounds memory access issue in V8, reported by Seunghyun Lee. Out-of-bounds access could allow attackers to read or modify data in memory, potentially leading to information leaks or arbitrary code execution.