Last week, Google rolled out Chrome 128, which included a fix for a critical zero-day vulnerability. Now, an additional update for Chrome 128 has been released to address four more high-risk security issues, none of which have been actively exploited in the wild so far. According to the Chrome Releases blog, these vulnerabilities were discovered by external security researchers and subsequently reported to Google.
The four vulnerabilities in question are categorized as “high risk” and include two type confusion issues in the V8 JavaScript engine (CVE-2024-7969 and CVE-2024-8194) and two buffer overflows in the open-source Skia graphics library (CVE-2024-8193 and CVE-2024-8198). While Chrome typically updates automatically, users should manually check for updates if their browser hasn’t yet been updated. This can be done by going to the three-dot menu, selecting Help, and then About Google Chrome.
Other Chromium-based browsers are in the process of catching up. Brave and Microsoft Edge have transitioned to Chromium 128 but are currently at last week’s security level. Opera version 113 has just moved to Chromium 127, while Vivaldi version 6.8 is still on Chromium 126, though version 6.9 has been updated to Chromium 128. All these browsers have patched the CVE-2024-7971 zero-day vulnerability from the previous week.