Google released Chrome version 127.0.6533.88, which addressed 3 vulnerabilities, including a critical one (CVE-2024-6990) that could allow attackers to bypass browser protection and execute code outside of the Sandbox control. Detailed information about this critical vulnerability has not been disclosed yet. It is known that the critical vulnerability is related to the use of uninitialised values in the Dawn component, which implements the webgpu specification.
The other two vulnerabilities, marked as dangerous, involve reading from memory areas outside the buffer in the WebTransport API implementation (CVE-2024-7255) and insufficient input data verification in the Dawn component (CVE-2024-7256).
/Reports, release notes, official announcements.