Hackers were exploiting a serious security flaw in Chrome, which Google issued fixes for on Thursday.
The type misunderstanding flaw in the V8 JavaScript and WebAssembly engines causes the vulnerability identified as CVE-2024-5274. On May 20, 2024, Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security reported the incident.
In the security advisory, Google stated, “Google is aware that an exploit for CVE-2024-5274 exists in the wild.”
When a program misinterprets memory allocation, a vulnerability known as “type confusion” arises, which increases the chance of crashes, data corruption, and code execution.
In order to shield users from abuse and make browser updates easier, Google has not released technical information.
“Until the majority of users receive an update resolving the issue, access to bug details and links may remain restricted. Due to unpatched vulnerabilities in interdependent third-party libraries, the tech giant will continue to impose restrictions.”
Update available on Chrome Stable
Google’s fix is coming to Windows and Mac in version 125.0.6422.112/.113, followed by Linux users in version 125.0.6422.112 in the next few weeks.
Important security updates are installed by Chrome automatically, and they become active after the browser is restarted. In the Settings menu’s About section, users can verify that they are running the most recent version.
When an update is ready, users should click the “Relaunch” button to apply it after waiting for the update process to complete.
With the latest fix, Google has resolved a total of eight zero-days in Chrome over the past five months –
- CVE-2024-0519 – Out-of-bounds memory access in V8
- CVE-2024-2886 – Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
- CVE-2024-2887 – Type confusion in web assembly (demonstrated at Pwn2Own 2024)
- CVE-2024-3159 – Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
- CVE-2024-4671 – Use-after-free in Visuals
- CVE-2024-4761 – Out-of-bounds write in V8
- CVE-2024-4947 – Type confusion in V8
Found this article interesting? Follow us on LinkedIn and Instagram to read more exclusive content we post.