Chrome 129 plugs serious security holes

Google has released the latest version of Chrome 129 for download. The update, which is available for Windows, macOS and Linux, closes nine security holes. At least one vulnerability poses a high risk. An attacker could potentially inject malicious code and execute it in the browser’s sandbox.

A type confusion bug in the JavaScript engine V8 was rated “High”. It is likely to be exploitable using a specially crafted HTML page, meaning that an attacker only needs to trick a victim into visiting a website under their control.

There are further security vulnerabilities in the Downloads, Omnibox, Autofill and User Interface components. Google only provides details on six of the nine vulnerabilities. Google may withhold information on vulnerabilities until a majority of users have switched to the new version. Errors that affect third-party libraries, for example, are also usually only disclosed by Google with a delay.

Users should now promptly upgrade to the bug-fixed versions 129.0.6668.58 for Linux or 129.0.6668.58/.59 for Windows and macOS. The update is usually automatic. However, it can also be done manually via the “About Google” option. chrome” in the help menu of the browser settings. Chrome needs to be restarted to complete the installation.