On August 21st, Google released Chrome 128 for Windows, Mac, and Linux. The update includes 38 security fixes. Some of the vulnerabilities addressed could lead to arbitrary code execution and system crashes. We have added a new report to Lansweeper to help you locate vulnerable Chrome installations.
Google Chrome 128 Vulnerabilities
Google Chrome 128 addresses no fewer than 38 vulnerabilities, several of which have a high-severity rating. For more information on the update, you can check out the Chrome release page. However, most attention is going to CVE-2024-7971, a high-severity zero-day vulnerability that is already being exploited in attacks.
CVE-2024-7971 is caused by a type confusion weakness in Chrome’s V8 JavaScript and WebAssembly engine. It is known to be exploited in attacks, but no further details are being released at this time. When successfully exploited, the issue can trigger browser crashes or be used to execute arbitrary code on the targeted devices.
UPDATE 2024-08-27: Google updated its blog post to note that CVE-2024-7965, an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, is also being exploited in the wild. This issue has also been fixed in the latest release.
Update Vulnerable Chrome Installations
All issues mentioned above have been fixed in the new Chrome 128 release, that is version 128.0.6613.84 (Linux) and 128.0.6613.84/.85 (Windows and Mac). As always, Google is holding off on releasing further bug details until a majority of users has had a chance to update their installations. That way malicious actors won’t be able to leverage the additional information for further attacks.
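If you want to check a software inventory export against the fixed build yourself, the following is an added example (not the Lansweeper report or its query). It assumes a list of (hostname, Chrome version) pairs; the hostnames and sample versions are constructed, and only the fixed build number comes from this page.

```python
import re

# Fixed builds as stated on this page: 128.0.6613.84 (Linux) and
# 128.0.6613.84/.85 (Windows and Mac), so .84 is the floor on every platform.
FIXED_BUILD = (128, 0, 6613, 84)

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not a full Chrome version."""
    text = (text or "").strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'vulnerable', 'fixed', or 'unknown' (unparsable, needs manual review)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would wrongly rank "128.0.6613.9" above "128.0.6613.84".
    return "fixed" if version >= FIXED_BUILD else "vulnerable"


def audit(rows):
    """Group (hostname, version) rows by classification, preserving input order."""
    report = {"vulnerable": [], "fixed": [], "unknown": []}
    for hostname, version_text in rows:
        report[classify(version_text)].append(hostname)
    return report


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("ws-001", "128.0.6613.85"),
    ("ws-002", "128.0.6613.84"),
    ("ws-003", "128.0.6613.9"),     # older build that a string compare would miss
    ("ws-004", "127.0.6533.120"),
    ("srv-010", "129.0.6668.58"),
    ("kiosk-7", ""),                # inventory returned no version
    ("lab-22", "128.0.6613"),       # truncated version string
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" have an empty or truncated version string and should be checked by hand rather than assumed patched.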
Remember to Update Microsoft Edge
Since Microsoft Edge is also a Chromium-based browser, we can expect an Edge security update soon to respond to the same vulnerabilities. You can always check what version your instances of Edge are on using our Edge Version Audit Report. This report will give you an overview of all instances of Microsoft Edge in your environment along with their version number.
Discover Vulnerable Chrome Installs
An updated Google Chrome audit report has been added to your Lansweeper installations to help you locate any vulnerable instances of Google Chrome in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.