Google Notices the 4th Chrome Zero-Day Vulnerability in May Is Actively Under Attack; Update Quickly


Google released patches on Thursday to address a high-severity security weakness in its Chrome browser, which the company stated has been exploited in the wild. The flaw was discovered by Google.

The vulnerability, tracked as CVE-2024-5274, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. Clément Lavigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security reported it around the 20th of May, 2024.

Type confusion vulnerabilities arise when a program attempts to access a resource using a type that is incompatible with the resource's actual type. The consequences can be severe: threat actors can access memory outside the intended bounds, cause a crash, and execute arbitrary code.

With this fix, Google has corrected a total of four zero-day vulnerabilities since the beginning of the month. The other three are CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

Google did not reveal any additional technical information regarding the vulnerability; however, it did acknowledge that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” Whether the flaw is a patch bypass for CVE-2024-4947, which is likewise a type confusion bug in V8, is not known.

With the most recent update, Google has fixed a total of eight zero-day vulnerabilities in Chrome since the beginning of the year. The earlier seven are:

CVE-2024-0519 Out-of-bounds memory access in V8
CVE-2024-2886 Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
CVE-2024-2887 Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
CVE-2024-3159 Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
CVE-2024-4671 Use-after-free in Visuals
CVE-2024-4761 Out-of-bounds write in V8
CVE-2024-4947 Type confusion in V8

Windows and macOS users are strongly encouraged to upgrade to Chrome version 125.0.6422.112/.113, while Linux users should upgrade to version 125.0.6422.112 in order to protect themselves from any potential dangers.

Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to apply the fixes as soon as they are made available.
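A fleet check against the fixed builds named above, as an added example that is not from the article or from Google: it classifies inventory records against 125.0.6422.112 and reports Chromium-based browsers as unknown, because the article gives no fixed versions for them. The inventory format, hostnames and sample versions are constructed, and only the stable-channel builds stated in the article are assumed.

```python
import re

# Fixed builds stated in the article. Windows/macOS ship .112 or .113, so .112 is the floor.
FIXED = {"windows": (125, 0, 6422, 112),
         "macos": (125, 0, 6422, 112),
         "linux": (125, 0, 6422, 112)}
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(browser, os_name, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    if browser.lower() != "chrome":
        # Edge, Brave, Opera, Vivaldi: no fixed version is given in the article.
        return "unknown"
    floor = FIXED.get(os_name.lower())
    parsed = parse_version(version)
    if floor is None or parsed is None:
        return "unknown"
    # Tuple comparison is numeric per component; comparing the raw strings
    # would wrongly rank "125.0.6422.60" above "125.0.6422.112".
    return "patched" if parsed >= floor else "vulnerable"

def audit(inventory_text):
    """Map host -> status for lines of the form 'host,browser,os,version'."""
    results = {}
    for line in inventory_text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            continue  # skip malformed records
        host, browser, os_name, version = fields
        results[host] = classify(browser, os_name, version)
    return results

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = """
ws-01,Chrome,Windows,125.0.6422.113
ws-02,Chrome,Windows,125.0.6422.60
mac-01,Chrome,macOS,124.0.6367.207
lin-01,Chrome,Linux,125.0.6422.112
ws-03,Edge,Windows,125.0.2535.51
ws-04,Chrome,Windows,125.0.6422
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```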


About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes frequently for Craw Security.

