Lucene search

K
chromeHttps://chromereleases.googleblog.comGCSA-3187512179896722010
HistorySep 09, 2024 - 12:00 a.m.

Stable Channel Update for ChromeOS / ChromeOS Flex

2024-09-0900:00:00
https://chromereleases.googleblog.com
chromereleases.googleblog.com
7
chromeos
stable channel
update
128.0.6613.133
security
fixes
rewards
bug
community
android
bulletins
v8
skia
fonts
autofill
type confusion
permissions
long term stable channel

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.275

Percentile

96.9%

Hello All,

The Stable channel is being updated to 128.0.6613.133 (Platform version:15964.48.0) for ChromeOS devices and will be rolled out over the next few days.

If you find new issues, please let us know one of the following ways:

  • File a bug
  • Visit our Chrome OS communities
    • General: Chromebook Help Community
    • Beta Specific: ChromeOS Beta Help Community
  • Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

See the latest release notes.

Security Fixes and Rewards:

ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

Android Security fixes can be found here

Chrome Browser Security Fixes:

  • [$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30
  • [$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25
  • [$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27
  • [$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25
  • [TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19
  • [$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10
  • [$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07
  • [$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
  • [$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
  • [$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14

Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.

To see fixes included in the Long Term Stable channel, see the release notes.

- Google ChromeOS.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.275

Percentile

96.9%