Stable Channel Update for ChromeOS / ChromeOS Flex

ChromeOS Vulnerability Rewards Program Reported Bug Fixes:

N/A

Other 3rd Party Security Fixes Included:

Android Security fixes can be found here

Chrome Browser Security Fixes:

• [$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30
• [$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25
• [$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27
• [$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25
• [TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19
• [$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10
• [$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07
• [$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16
• [$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10
• [$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14

Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities. 

To see fixes included in the Long Term Stable channel, see the release notes.