The Stable channel is being updated to OS version: 16033.43.0 Browser version: 130.0.6723.84 for most ChromeOS devices.
If you find new issues, please let us know one of the following ways
Interested in switching channels? Find out how.
Security Fixes and Rewards
ChromeOS Vulnerability Rewards Program Reported Bug Fixes:
N/A
Other 3rd Party Security Fixes Included:
High Fixes CVE-2024-7006 in libtiff
Medium Fixes CVE-2024-47076 CVE-2024-47175 CVE-2024-47176 CVE-2024-47177 in CUPS
Android Security fixes can be found here
Chrome Browser Security Fixes:
[$4000.0] [368672129] MEDIUM CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S on 2024-09-21
[$36000.0] [367755363] HIGH CVE-2024-9954:Use after free in AI. Reported by DarkNavy on 2024-09-18
[$TBD] [367734947] HIGH CVE- DCHECK failure in base_.kind() == JAVA_SCRIPT in frames.h on 2024-09-17
[$TBD] [366635354] HIGH CVE- V8 correctness failure in sources: 1e - Missing TypeError in inlined js-to-wasm wrapper for ref extern on 2024-09-14
[$1000.0] [364773822] LOW CVE-2024-9966 Inappropriate implementation in Navigations. Reported by Harry Chen on 2024-09-05
[TBD][375123371] CRITICAL CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR) on 2024-10-23[TBD][374310077] HIGH CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-10-18[TBD][371011220] HIGH CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-02
[TBD][371565065] HIGH CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-05
[TBD][372269618] HIGH CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-09
[$1000.0] [364508693] MEDIUM CVE-2024-9962 : Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-09-04
[$3000.0] [361711121] LOW CVE-2024-9964 : Inappropriate implementation in Payments. Reported by Hafiizh on 2024-08-23
[$2000.0] [354748063] MEDIUM CVE-2024-9960: Use after free in Dawn. Reported by Anonymous on 2024-07-23
[$TBD] [328278718] MEDIUM CVE-2024-9963 : Insufficient data validation in Downloads. Reported by st4nly0n on 2024-03-06
[$5000.0] [40076120] MEDIUM CVE-2024-9958 Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001) on 2023-11-02
Giuliana Pritchard
Google ChromeOS
