Chrome 126 security updates released this week resolve high-severity vulnerabilities reported by external researchers.
Google on Tuesday announced security updates for Chrome 126 that address ten vulnerabilities, including eight high-severity bugs reported by external researchers.
Despite Google’s efforts to eliminate memory safety bugs in Chrome, most of the externally reported security defects are memory issues that could potentially lead to a sandbox escape and remote code execution.
The new Chrome 126 release resolves an inappropriate implementation flaw in V8, a type confusion in V8, use-after-free bugs in Screen Capture, Media Stream, Audio, and Navigation, a race condition in DevTools, and an out-of-bounds memory access in V8.
Google notes in its advisory that it paid out $10,000 and $7,000 bug bounty rewards for the inappropriate implementation and type confusion vulnerabilities in V8.
The researchers who reported the use-after-free flaws were awarded $6,000, $5,000, $4,000, and $2,500 for their findings, respectively.
In total, Google paid out over $32,000 in bug bounty rewards, but says it has yet to determine the reward amounts to be handed out for the last two externally reported vulnerabilities.
The latest Chrome release is now rolling out as versions 126.0.6478.182/183 for Windows and macOS and as version 126.0.6478.182 for Linux.
On Tuesday, Google also announced that Chrome for Android was updated to version 126.0.6478.186, which is rolling out on Google Play with the same patches included in the latest desktop releases of the browser.
The internet giant makes no mention of any of these vulnerabilities being exploited in the wild, but users are advised to update their browsers as soon as possible.