With Chrome news coming thick and fast over recent days, millions of users may have missed Google’s critical security update for all Windows users.
Chrome, with over 3 billion users, is the world’s leading browser and regularly makes headlines. However, the past few weeks have been particularly eventful. Highlights include Google’s surprising decision to reverse its stance on tracking cookies, new security measures to combat identity cookie hijacking, and the introduction of new AI tools.
With everything happening recently, it’s easy to overlook the crucial security update that came with Chrome version 127.0.6533.88/89 for Windows (and Macs). This update fixes CVE-2024-6990, a memory vulnerability in Chrome’s web graphics rendering engine, Dawn. If exploited, this vulnerability could potentially destabilize your PC and allow an attacker to execute malicious code.
Although many Chrome users are on mobile devices with their own security measures, over a billion use Microsoft Windows, which has its own security issues. This makes Chrome’s security warnings particularly critical. Since Chrome is essentially the default browser on Windows—despite Microsoft’s efforts with Edge, which has seen limited success—it serves as a key entry point to the device itself.
To confirm that Chrome is updated to version 127.0.6533.88/89, check the “About Chrome” section in the settings. If you haven’t restarted your browser recently, do so now to make sure the security update has been applied.
The latest update also includes two other significant fixes, both categorized as high severity. One addresses a memory issue in the WebTransport layer, while the other tackles the Dawn vulnerability by correcting “insufficient data validation.”
As usual, there’s little other detail at this early stage. Google has stated that “access to bug details and links may be kept restricted until most users have received the fix. Restrictions may also remain if the bug is present in a third-party library used by other projects that have not yet addressed the issue.”
Despite the urgency of this patch, it’s unlikely to receive much media attention. What’s evident is that the cookie story will continue to evolve. The latest development is the Electronic Frontier Foundation (EFF) issuing a detailed warning, adding to their previous comments on Google’s surprise announcement.
The privacy group warns that “Google breaking its promise to block third-party cookies” is detrimental to your privacy and beneficial to Google’s business. Third-party cookies are a widespread tracking technology that enables companies to monitor your online activity for surveillance and targeted advertising.
Chrome privacy warnings have come thick and fast for years now, but its popularity remains strong. As such, one can understand why Google appears somewhat phlegmatic on the subject.
Returning to the latest update: if you choose to continue using Chrome despite the ongoing Cookie controversy, ensure that your browser stays updated. As recent events have shown, some vulnerabilities are actively exploited, posing risks that far exceed the concerns of targeting and digital fingerprinting.
Discussion about this post