Article Details
Scrape Timestamp (UTC): 2024-05-24 09:31:03.417
Original Article Text
Google fixes eighth actively exploited Chrome zero-day this year.

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild.

The security issue was discovered internally by Google's Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity 'type confusion' in V8, Chrome's JavaScript engine responsible for executing JS code.

"Google is aware that an exploit for CVE-2024-5274 exists in the wild," the company said in the security advisory.

A "type confusion" vulnerability occurs when a program allocates a piece of memory to hold a certain type of data but mistakenly interprets the data as a different type. This can lead to crashes, data corruption, as well as arbitrary code execution.

Google has not shared technical details about the flaw to protect users from potential exploitation attempts from other threat actors and allow them to install a browser version that addresses the problem.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," said the tech giant.

Fix available on Chrome Stable

Google's fix is being rolled out to Chrome's Stable channel in version 125.0.6422.112/.113 for Windows and Mac, while Linux users will get the update on version 125.0.6422.112 in the coming weeks.

Chrome installs important security updates automatically and they take effect after relaunching the browser. Users can confirm they are using the latest version in the About section of the Settings menu. If an update is available, users should wait for the update process to finish and then click on the 'Relaunch' button to apply it.
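A fleet-side version of the check described above, as an added example that is not part of the original article: it compares Chrome version strings against the fixed build 125.0.6422.112 and separates hosts that have the update on disk but are still running an older build because the browser was not relaunched. The inventory records, host names and the `installed`/`running` fields are constructed for illustration.

```python
import re

# Minimum fixed Stable build named in the article for CVE-2024-5274.
FIXED_BUILD = (125, 0, 6422, 112)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory; hosts, field names and versions are illustrative.
INVENTORY = [
    {"host": "win-01", "installed": "125.0.6422.113", "running": "125.0.6422.113"},
    {"host": "mac-02", "installed": "Google Chrome 125.0.6422.112", "running": "125.0.6422.76"},
    {"host": "lin-03", "installed": "Google Chrome 125.0.6422.60 ", "running": ""},
    {"host": "win-04", "installed": "124.0.6367.207", "running": "124.0.6367.207"},
    {"host": "mac-05", "installed": "not installed", "running": ""},
]


def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(installed, running):
    """Classify one host from its on-disk and in-memory Chrome versions.

    Components are compared numerically, so build .9 sorts below .112.
    An empty `running` value means no browser process was observed.
    """
    on_disk = parse_version(installed)
    in_memory = parse_version(running)
    if on_disk is None:
        return "unknown"
    if on_disk < FIXED_BUILD:
        return "vulnerable"
    if in_memory is not None and in_memory < FIXED_BUILD:
        # Update downloaded, but the old build runs until relaunch.
        return "pending-relaunch"
    return "patched"


def report(inventory):
    """Map each host name to its patch status."""
    return {rec["host"]: classify(rec["installed"], rec["running"]) for rec in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```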
Third actively exploited zero-day this month

CVE-2024-5274 is the eighth actively exploited vulnerability that Google fixed in Chrome since the beginning of the year, and the third this month.

At the same time, Google's previous decision to reduce the delivery of Chrome security updates from twice to once a week addresses the patch gap problem that gives threat actors extra time to exploit zero-day flaws.

Actively exploited zero-day flaws in Chrome that have been patched earlier this year are:
Daily Brief Summary
Google has urgently updated Chrome to address the eighth zero-day vulnerability this year, marked as CVE-2024-5274, which was being actively exploited.
CVE-2024-5274 is a high-severity 'type confusion' flaw in Chrome's V8 JavaScript engine, leading to potential crashes, data corruption, or arbitrary code execution.
The vulnerability was discovered internally by Google employee Clément Lecigne. Google has not released specific technical details to the public, to prevent further exploitation.
Google is limiting access to detailed bug information until most users have installed the update, and says it will also keep restrictions in place if the bug exists in a third-party library that other projects depend on but have not yet fixed.
Updates are available on Chrome Stable version 125.0.6422.112/.113 for Windows and Mac, with the Linux update (125.0.6422.112) to follow in the coming weeks.
Chrome users should ensure their browser automatically updates to the latest version and may need to relaunch the browser to apply the update.
This third zero-day flaw patched by Google this month highlights ongoing security challenges and the importance of regular updates.