Last week, Google rolled out Chrome 128, which included a crucial fix for a zero-day vulnerability. Today, the tech giant has pushed a follow-up update for Chrome 128 that addresses four additional security issues. Fortunately, none of these vulnerabilities have been exploited in real-world scenarios so far, but their discovery underscores the ongoing vigilance required to keep browsers secure.
According to the Chrome Releases blog, Google’s latest update tackles four high-risk vulnerabilities identified by third-party researchers. These include a “type confusion” issue in the JavaScript V8 engine, detailed in two reports (CVE-2024-7969 and CVE-2024-8194), and two related vulnerabilities associated with a buffer overflow in the Skia graphics library (CVE-2024-8193 and CVE-2024-8198).
For users of Chrome, the update typically installs automatically when the browser is restarted, but if you haven’t yet received the new version, you can manually trigger the update. Simply navigate to “Options” -> “Help” -> “About Google Chrome,” allow the update to download, and restart the browser.
At this time, other Chromium-based browsers haven’t yet followed suit with updates. While Brave and Microsoft Edge have adopted Chromium 128, they haven’t released their own subsequent updates. Opera version 113 remains on Chromium 127, Vivaldi version 6.8 is on Chromium 126, and Vivaldi 6.9 is based on the latest Chromium 128. All these browsers are protected from the zero-day vulnerability CVE-2024-7971 reported last week.
Stay vigilant and ensure your browser is up-to-date to protect against these and future security threats.