Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit.
About CVE-2024-5274
As per usual, Google keeps technical details of the vulnerability under wraps. All they tell us is that the vulnerability is a type confusion bug in V8, Chrome’s JavaScript and WebAssembly engine.
“Google is aware that an exploit for CVE-2024-5274 exists in the wild,” the company says.
The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google’s Threat Analysis Group (TAG) and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.
Updates are already available
The zero-day has been fixed in Chrome 125.0.6422.112/.113 (for Windows and Mac) and 125.0.6422.112 (for Linux).
Depending on your operating system and on whether the auto-updating feature has been disabled (for the Enterprise version of Chrome), you can either apply the update manually or close and reopen the browser and Google will do that for you.
Other Chromium-based browsers are expected to implement the fix soon, and Vivaldi already has.
Earlier this month, Google fixed three exploited zero-days in less than a week.
source: HelpNetSecurity