Google Issues Emergency Patches for Actively Exploited Chrome Zero-Day Vulnerability
Charles M. Walls | May 14, 2024 | Views: 226
Google has swiftly released emergency patches to fix a new zero-day vulnerability in its Chrome web browser, which is currently being actively exploited.
This critical flaw, identified as CVE-2024-4761, is an out-of-bounds write issue affecting the V8 JavaScript and WebAssembly engine. The bug was anonymously reported on May 9, 2024.
Out-of-bounds write bugs can be exploited by malicious actors to corrupt data, cause crashes, or execute arbitrary code on compromised systems.
"Google is aware that an exploit for CVE-2024-4761 exists in the wild," the tech giant confirmed.
To prevent further exploitation, additional details about the nature of these attacks are being withheld.
This disclosure follows closely on the heels of another recent fix for CVE-2024-4671, a use-after-free vulnerability in the Visuals component that has also been actively exploited.
With this latest patch, Google has now addressed six zero-day vulnerabilities since the beginning of the year. Notably, three of these were demonstrated at the Pwn2Own hacking contest in Vancouver in March:
- CVE-2024-0519 - Out-of-bounds memory access in V8 (actively exploited)
- CVE-2024-2886 - Use-after-free in WebCodecs
- CVE-2024-2887 - Type confusion in WebAssembly
- CVE-2024-3159 - Out-of-bounds memory access in V8
- CVE-2024-4671 - Use-after-free in Visuals (actively exploited)
Users are strongly urged to update to Chrome version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux to protect against these threats.
Additionally, users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they are available.