Google on Thursday rolled out fixes to handle a high-severity safety flaw in its Chrome browser that it stated has been exploited within the wild.
Assigned the CVE identifier CVE-2024-5274, the vulnerability pertains to a sort confusion bug within the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Menace Evaluation Group and Brendon Tiszka of Chrome Safety on Might 20, 2024.
Kind confusion vulnerabilities happen when a program makes an attempt to entry a useful resource with an incompatible sort. It could possibly have severe penalties because it permits risk actors to carry out out-of-bounds reminiscence entry, trigger a crash, and execute arbitrary code.
The event marks the fourth zero-day that Google has patched because the begin of the month after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
The tech large didn’t disclose extra technical particulars concerning the flaw, however acknowledged that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It is not clear if the shortcoming is a patch bypass for CVE-2024-4947, which can be a sort confusion bug in V8.
With the most recent repair, Google has resolved a complete of eight zero-days have been resolved by Google in Chrome because the begin of the yr –
Customers are advisable to improve to Chrome model 125.0.6422.112/.113 for Home windows and macOS, and model 125.0.6422.112 for Linux to mitigate potential threats.
Customers of Chromium-based browsers equivalent to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they change into out there.
