Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure\u2019s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea.<\/p>\n\n\n\n
The vulnerability is a high-severity type confusion issue in the V8 script engine that was reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure’s TyphoonPWN 2024 on 2024-06-04<\/p>\n\n\n\n
Lee received a $20,000 bug bounty reward for reporting the issue.<\/p>\n\n\n\n
Google also addressed the following issues:<\/p>\n\n\n\n
Google hasn’t shared technical details on the vulnerabilities, the good news is that the company is not aware of attacks in the wild exploiting the flaws addressed by the Chrome 126 security update.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Chrome 126 security update is now rolling out to users as version 126.0.6478.114 for Linux and as versions 126.0.6478.114\/115 for Windows and macOS.<\/p>\n\n\n\n
Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n
Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n
(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, Google)<\/strong><\/p>\n\n\n\n