Google has released Chrome 127.0.6533.99, addressing 6 vulnerabilities, including a critical one (CVE-2024-7532) that allows attackers to bypass browser protection levels and execute code outside Sandbox-detachment. Details regarding this critical vulnerability have not been disclosed yet, but it is known that the issue arises from a buffer overflow in the layer handling Opengl ES calls to Opengl, Direct3D 9/11, Desktop GL, Metal, and Vulkan.
The other vulnerabilities fixed in this update are deemed dangerous and involve accessing memory after its release in the “Webaudio” API (CVE-2024-7536) and “Sharing” (CVE-2024-7533), writing outside buffer memory in the “Layout” component (CVE-2024-7534), type confusion in the V8 engine (CVE-2024-7550), and an error in the V8 engine implementation (CVE-2024-7535).