Google on Thursday rolled out fixes to handle a high-severity security flaw in its Chrome browser that it mentioned has been exploited within the wild.
Assigned the CVE identifier CVE-2024-5274, the vulnerability pertains to a kind confusion bug within the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Menace Evaluation Group and Brendon Tiszka of Chrome Safety on Could 20, 2024.
Sort confusion vulnerabilities happen when a program makes an attempt to entry a useful resource with an incompatible sort. It may well have severe penalties because it permits menace actors to carry out out-of-bounds reminiscence entry, trigger a crash, and execute arbitrary code.
The event marks the fourth zero-day that Google has patched for the reason that begin of the month after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
The tech large didn’t disclose further technical particulars concerning the flaw, however acknowledged that it “is conscious that an exploit for CVE-2024-5274 exists within the wild.” It is not clear if the shortcoming is a patch bypass for CVE-2024-4947, which can also be a kind confusion bug in V8.
With the newest repair, Google has resolved a complete of eight zero-days have been resolved by Google in Chrome for the reason that begin of the yr –
Customers are really helpful to improve to Chrome model 125.0.6422.112/.113 for Home windows and macOS, and model 125.0.6422.112 for Linux to mitigate potential threats.
Customers of Chromium-based browsers resembling Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and after they develop into out there.
