Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition
19-June-24
Google has released the Chrome 126 update, addressing six high-severity vulnerabilities, including CVE-2024-6100, a type confusion issue in the V8 script engine demonstrated at the TyphoonPWN 2024 hacking competition. The flaw, reported by Seunghyun Lee, earned him a $20,000 bug bounty. Other addressed issues include CVE-2024-6101, an inappropriate implementation issue in WebAssembly reported by @ginggilBesel, and two vulnerabilities in Dawn, CVE-2024-6102 and CVE-2024-6103, reported by wgslfuzz. Google has not disclosed technical details but confirmed no known exploits in the wild. The update, version 126.0.6478.114/115, is rolling out for Linux, Windows, and macOS.
