Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

Cyber Security

Products You May Like

May 24, 2024NewsroomVulnerability / Browser Security

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.

Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024.

Type confusion vulnerabilities occur when a program attempts to access a resource with an incompatible type. It can have serious consequences as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

The development marks the fourth zero-day that Google has patched since the start of the month after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

Cybersecurity

The tech giant did not disclose additional technical details about the flaw, but acknowledged that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It’s not clear if the shortcoming is a patch bypass for CVE-2024-4947, which is also a type confusion bug in V8.

With the latest fix, Google has resolved a total of eight zero-days have been resolved by Google in Chrome since the start of the year –

Users are recommended to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

Instagram Creator Lab Launched in India; Company Rolls Out New Story Features, Birthday Notes
Scientists Uncover Invisible Ambipolar Electric Field Around Earth for First Time, New Study Reveals
OpenAI and Anthropic agree to let U.S. AI Safety Institute test and evaluate new models
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments
New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

Leave a Reply

Your email address will not be published. Required fields are marked *