Google releases Chrome version 126.0.6478.114/115 for Windows and Mac with critical vulnerability fixes.
New version of Google Chrome announced on June 20, 2024
Updated to fix several security bugs including type confusion and out-of-bounds memory access.
Google has announced the release of Chrome version 126.0.6478.114/115 for Windows and Mac, and Chrome version 126.0.6478.114 for Linux. This version fixes vulnerabilities that could allow malicious actors to take control of computers running affected versions of Chrome. The impact depends on the permission level of the user who was attacked: an attacker may be able to install programs, view, change, or delete data, or create a new user account with full user rights, depending on the rights obtained after a successful attack. User accounts configured with low-level privileges on the system may be less affected than user accounts that have administrative user rights.
Google has released Chrome version 126.0.6478.114/115 for Windows and Mac to fix a critical security vulnerability. Users should update immediately to prevent potential security risks. This update resolves the following vulnerabilities:
CVE-2024-6100 - Type confusion in V8: A vulnerability in the V8 JavaScript engine that could allow an attacker to execute arbitrary code. The confusion is caused by incorrect handling of object types, which leads to unpredictable behavior and potential attacks.
CVE-2024-6101 - Improper implementation in WebAssembly: An improper implementation issue in WebAssembly that may be used to cause unexpected behavior or to bypass security. This flaw is caused by incorrect handling of WebAssembly modules.
CVE-2024-6102 - Out-of-bounds memory access in Dawn: A critical out-of-bounds memory access vulnerability in Dawn, a graphics library used by Chrome, that could be used to access sensitive data or cause services to fail. This problem is caused by incorrect bounds checking.
CVE-2024-6103 - Use after free in Dawn: A use-after-free vulnerability in Dawn that could lead to arbitrary code execution. This flaw occurs when a program continues to use pointers after the memory they reference has been released, which results in unpredictable behavior and potential attacks.
These vulnerabilities pose an unacceptable risk (Unacceptable Risk) to organizations using affected versions of Chrome, and action must be taken urgently to reduce the risk. At the time this report was issued (June 19, 2024 at 2:00 p.m.), no proof-of-concept code had yet been found.
Remediation instructions: Users should update their Chrome browser to version 126.0.6478.114/115 as soon as possible. IT managers should enforce this update on all systems within the network to ensure protection against these vulnerabilities. Regular reviews and updates are essential for maintaining security.
General users can check the version of Google Chrome themselves via:
Chrome menu > Help > About Google Chrome
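For IT managers who need to check many machines rather than one, the following added example (not part of the original advisory) audits an inventory export against the fixed builds named above. The "host,platform,version" line format and the host names are assumptions, and the sample rows are constructed. Versions are compared as integer tuples because a plain string comparison would wrongly rank build 6478.62 above 6478.114.

```python
import re

# Fixed builds named in this advisory, per platform. Where two builds are
# listed (114/115), the lower one is used as the minimum acceptable version.
FIXED = {
    "windows": (126, 0, 6478, 114),
    "mac": (126, 0, 6478, 114),
    "linux": (126, 0, 6478, 114),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def audit(rows):
    """rows: iterable of 'host,platform,version'. Returns {host: status}."""
    result = {}
    for row in rows:
        fields = [f.strip() for f in row.split(",")]
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        host, platform, raw = fields
        minimum = FIXED.get(platform.lower())
        version = parse_version(raw)
        if minimum is None or version is None:
            result[host] = "unknown"      # needs manual follow-up
        elif version < minimum:           # numeric, field-by-field comparison
            result[host] = "vulnerable"
        else:
            result[host] = "patched"
    return result

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-001,windows,126.0.6478.115",
    "ws-002,windows,126.0.6478.62",
    "mac-01,mac,125.0.6422.142",
    "lnx-07,linux,126.0.6478.114",
    "lnx-08,linux,127.0.6533.4",
    "kiosk-3,windows,not installed",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have an unrecognised platform or version string and should be checked by hand rather than assumed safe.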
Run all software (especially Chrome) as a non-privileged user (without administrative privileges) to reduce the impact of an attack.
Restrict administrator user accounts (Administrative Privileges) to system management of the organization's assets only. For general computer use, such as surfing the internet, e-mail, or using applications for the organization's normal operations, use only a non-privileged user account.
Warn users not to visit untrusted websites or follow links from unknown or unreliable sources.
Inform and educate users about the threats posed by links in the body of emails or attachments, especially from unreliable sources.
Apply the Principle of Least Privilege to all systems and services in the organization.
Deploy intrusion prevention solutions on corporate computers as appropriate and/or as supported by the organization. Examples include Endpoint Detection and Response (EDR) or a host-based IPS agent.