Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)


For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit.

About CVE-2024-5274

As per usual, Google keeps technical details of the vulnerability under wraps. All they tell us is that the vulnerability is a type confusion bug in V8, Chrome’s JavaScript and WebAssembly engine.

“Google is aware that an exploit for CVE-2024-5274 exists in the wild,” the company says.

The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google’s Threat Analysis Group (TAG) and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.

Updates are already available

The zero-day has been fixed in Chrome 125.0.6422.112/.113 (for Windows and Mac) and 125.0.6422.112 (for Linux).

Depending on the operating system you use and whether you have disabled the auto-updating feature (for the Enterprise version of Chrome) or not, you can implement the update manually or you can close and reopen the browser and Google will do that for you.

Other Chromium-based browsers are expected to implement the fix soon, and Vivaldi already has.

Earlier this month, Google fixed three exploited zero-days in less than a week.




Source link