The first update for Chrome 128 fixes several browser security vulnerabilities.
Last week, Google released Chrome 128 and patched a zero-day vulnerability with it. Now, Google has released updates to Chrome 128 that fix four security vulnerabilities (none of which have been exploited in the wild yet). Other Chromium-based browsers are likely to follow soon.
In the Chrome Releases blog update, Prudhvikumar Bommana lists the four patched vulnerabilities that were discovered by external security researchers and reported to Google.
All four vulnerabilities are categorized as “high risk” by Google. The type confusion issue in the V8 JavaScript engine was included twice this week (CVE-2024-7969, CVE-2024-8194). The other two vulnerabilities are also siblings: they are buffer overflows in the open-source 2D graphics library Skia (CVE-2024-8193, CVE-2024-8198).
Chrome usually updates itself automatically when a new version is available, but if your browser hasn’t updated yet, you can trigger it with a manual update check: open the three-dot menu and navigate to Help > About Google Chrome.
Other Chromium-based browsers
As of now, other Chromium-based browsers are still catching up. Brave and Microsoft Edge have already made the switch to Chromium 128 but are only up to last week’s security level.
Meanwhile, Opera version 113 only just switched to Chromium 127, Vivaldi version 6.8 still relies on the Extended Stable Channel of Chromium version 126, and Vivaldi version 6.9 is up-to-date as it’s now based on the latest Chromium 128.
All four browsers are secured against the CVE-2024-7971 zero-day vulnerability from the previous week.