The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices.
If you find new issues, please let us know one of the following ways
Interested in switching channels? Find out how.
Security Fixes and Rewards
ChromeOS Vulnerabiltity Rewards Program Reported Bug Fixes:
[$1000] [1472961] Medium CVE-2024-1280 Out-of-bounds write in CAMX driver. Reported by lovepink on 2023-08-16
[$500] [1482676] Medium CVE-2024-1281 Out of Bound Write in cam_lrme_mgr_hw_prepare_update Reported by yqsun1997 on 2023-09-15
[$1000] [1466464] Medium CVE-2024-25556 OOB Write In PhysmemCreateNewDmaBufBackedPMR reported by lm0963hack on 2023-07-20
[$500] [1478971] Medium CVE-2024-25557 Physical Pages UAF in PowerVR GPU Device Side can cause Arbitrary Read and Write physical memory from userspace reported by lovepink on 2023-09-05
[$500] [1477097] Medium CVE-2024-25558 PowerVR GPU Driver Controllable OOB Writes because of Integer overflows in function DevmemIntChangeSparse reported by lovepink on 2023-08-29
Other 3rd Party Security Fixes Included:
High Fixes Use after free in Ash
Medium Fixes CVE-2023-6817 in Linux Kernel
Medium Fixes CVE-2023-6932 in Linux Kernel
Chrome Browser Security Fixes:
[$11000][1505080] High CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25
[$6000][1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24
[$1000][1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11
[$1000][1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30
[$1000][1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25
[N/A][1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21
[TBD][1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31
Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.
To see fixes included in the Long Term Stable channel, see the release notes.