Stable Channel Update for ChromeOS / ChromeOS Flex

Hello All,

The Stable channel is being updated to 128.0.6613.133 (Platform version:15964.48.0) for ChromeOS devices and will be rolled out over the next few days.

If you find new issues, please let us know one of the following ways:

• File a bug
• Visit our Chrome OS communities
  • General: Chromebook Help Community
  • Beta Specific: ChromeOS Beta Help Community
• Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

See the latest release notes.

Security Fixes and Rewards:

ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

Android Security fixes can be found here

Chrome Browser Security Fixes:

• [$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30
• [$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25
• [$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27
• [$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25
• [TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19
• [$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10
• [$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07
• [$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
• [$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
• [$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14

Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.

To see fixes included in the Long Term Stable channel, see the release notes.

- Google ChromeOS.