Google Notices the 4th Chrome Zero-Day Vulnerability in May Is Actively Under Attack; Update Quickly
Google released patches on Thursday to address a high-severity security weakness in its Chrome browser, which the company stated has been exploited in the wild. The flaw was discovered by Google.
The vulnerability, tracked as CVE-2024-5274, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Clément Lavigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security both reported it around May 20, 2024.
Type confusion vulnerabilities arise when a program attempts to access a resource using a type that is incompatible with the resource's actual type. The consequences can be severe, because the flaw can give threat actors the ability to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.
With this new discovery, Google has corrected a total of four zero-day vulnerabilities since the beginning of the month. The other three are CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
Google did not reveal any additional technical information regarding the vulnerability; however, it did acknowledge that it "is aware that an exploit for CVE-2024-5274 exists in the wild." Whether the flaw is a patch bypass for CVE-2024-4947, which is likewise a type confusion bug in V8, is not known.
Counting this most recent update, Google has fixed a total of eight zero-day vulnerabilities in Chrome since the beginning of the year. The earlier seven are listed below:
| CVE | Description |
| --- | --- |
| CVE-2024-0519 | Out-of-bounds memory access in V8 |
| CVE-2024-2886 | Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024) |
| CVE-2024-2887 | Type confusion in WebAssembly (demonstrated at Pwn2Own 2024) |
| CVE-2024-3159 | Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024) |
| CVE-2024-4671 | Use-after-free in Visuals |
| CVE-2024-4761 | Out-of-bounds write in V8 |
| CVE-2024-4947 | Type confusion in V8 |
Windows and macOS users are strongly encouraged to upgrade to Chrome version 125.0.6422.112/.113, while Linux users should upgrade to version 125.0.6422.112 in order to protect themselves from any potential dangers.
Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they are made available.
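The following is an added example, not part of the original article: a small Python check that flags hosts whose Google Chrome build is older than the fixed version 125.0.6422.112 named above. The inventory format, host names, sample versions and function names are assumptions made for illustration; other Chromium-based browsers use their own version numbering and need their own thresholds.

```python
import re

# Fixed Google Chrome build named in the article (Windows/macOS also ship .113).
FIXED_BUILD = (125, 0, 6422, 112)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    match = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one reported Chrome version against the fixed build."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # missing or unparseable: needs manual follow-up
    # Tuples of ints compare numerically field by field, so build .60 sorts
    # below .112; comparing the raw strings would get this wrong.
    return "patched" if version >= FIXED_BUILD else "needs-update"


def audit(inventory_lines):
    """Map host -> status from 'host,os,chrome_version' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [field.strip() for field in line.split(",", 2)]
        if len(fields) != 3:
            continue  # malformed row, skip it
        host, _os_name, version = fields
        results[host] = classify(version)
    return results


# Constructed sample inventory, not real data.
SAMPLE_INVENTORY = """\
# host,os,chrome_version
ws-01,windows,125.0.6422.113
ws-02,windows,125.0.6422.60
mac-01,macos,125.0.6422.112
lnx-01,linux,124.0.6367.207
lnx-02,linux,126.0.6478.55
kiosk-01,linux,not installed
""".splitlines()

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed safe.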
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.