Stable Channel Update for ChromeOS / ChromeOS Flex

Hello All,

The Stable channel is being updated to 124.0.6367.95 (Platform version:15823.40.0) for most ChromeOS devices and will be rolled out over the next few days.

If you find new issues, please let us know one of the following ways:

• File a bug
• Visit our Chrome OS communities
  • General: Chromebook Help Community
  • Beta Specific: ChromeOS Beta Help Community
• Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

See the latest release notes.

Security Fixes and Rewards:

ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

Android Security fixes can be found here

Chrome Browser Security Fixes:

• [$20000][331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
• [$10000][331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27
• [N/A][330759272] High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
• [$1000][330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19
• [$5000][40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23
• [$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23
• [$1000][328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08

Please Note:_ Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities. _

To see fixes included in the Long Term Stable channel, see the Long Term Stable release notes.

- Google ChromeOS.