The latest update includes three significant security fixes, two of which were reported by an external researcher known as “gelatin dessert.” The details of these fixes are as follows:
The “uninitialized use in Dawn” flaw (CVE-2024-6990) can significantly impact Chrome’s browser performance and stability. Dawn is a critical component of Chrome’s graphics pipeline, responsible for rendering web content efficiently across different platforms.
When uninitialized memory is used in Dawn, it can lead to unpredictable behavior, causing the browser to crash unexpectedly or freeze during normal operation.
This not only disrupts the user experience but also potentially exposes the system to security vulnerabilities. In severe cases, it could allow attackers to execute arbitrary code, potentially compromising the user’s system.
In line with its policy, Google has restricted access to detailed information about these vulnerabilities until a majority of users have updated their browsers. This precaution is intended to prevent potential exploitation of these flaws before users can protect themselves.
Additionally, restrictions will remain if the vulnerabilities are found in third-party libraries that other projects also depend on but have not yet patched.
Google urges all Chrome users on Windows, Mac, and Linux platforms to update their browsers promptly to ensure they are protected against these vulnerabilities.
The update process is typically automatic, but users are advised to verify their browser version to confirm the update has been applied.
Google has expressed gratitude to all security researchers who contributed to identifying and reporting these vulnerabilities, helping to enhance the security of the Chrome browser.