Google Discovers Active Attack on May’s Fourth Chrome Zero-Day: Update Immediately

Google released updates for its Chrome browser on Thursday to address a high-severity security vulnerability that it said has been exploited in the wild.

The vulnerability, assigned the CVE identifier CVE-2024-5274, is a type confusion flaw in the V8 JavaScript and WebAssembly engine. It was reported on May 20, 2024, by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security.

Type confusion vulnerabilities occur when a program accesses a resource using a type that is incompatible with the resource's actual type. They can have serious consequences, because they can let threat actors perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

With this fix, Google has now addressed four zero-day vulnerabilities this month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

Although it provided no further technical information about the vulnerability, the tech giant acknowledged that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It is unclear whether the flaw is a bypass of the patch for CVE-2024-4947, which is also a type confusion flaw in V8.

With the most recent patch, Google has fixed eight zero-day vulnerabilities in Chrome since the beginning of the year.

To reduce possible risks, users are advised to update to Chrome versions 125.0.6422.112/.113 for Windows and macOS and 125.0.6422.112 for Linux.

Users of Chromium-based browsers such as Vivaldi, Microsoft Edge, Brave, and Opera are also advised to apply the fixes as soon as they become available.
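For administrators checking a fleet against the fixed Chrome builds named above, the following added example (not from Google or the original article) classifies hosts from an inventory export. The CSV layout, host names and status labels are assumptions, and the inventory rows are constructed sample data.

```python
# Added example: flag Google Chrome installs older than the fixed build
# named in the article (125.0.6422.112 on Windows, macOS and Linux).
# Versions are compared as integer tuples; comparing the raw strings would
# wrongly rank "125.0.6422.76" above "125.0.6422.112".
FIXED = {
    "windows": (125, 0, 6422, 112),
    "macos": (125, 0, 6422, 112),
    "linux": (125, 0, 6422, 112),
}

def parse_version(text):
    """Return a 4-part Chrome version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(os_name, version_text):
    """Return 'patched', 'needs-update' or 'unknown' for one install."""
    fixed = FIXED.get(os_name.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable version: review by hand
    return "patched" if version >= fixed else "needs-update"

# Constructed sample inventory: host,os,chrome_version (assumed export format).
INVENTORY = """\
ws-01,Windows,125.0.6422.113
ws-02,Windows,125.0.6422.76
mac-01,macOS,125.0.6422.112
lnx-01,Linux,124.0.6367.207
lnx-02,Linux,125.0.6422
kiosk-01,ChromeOS,125.0.6422.112
"""

def audit(inventory):
    """Map each host in the inventory text to its patch status."""
    results = {}
    for line in inventory.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        host, os_name, version = fields
        results[host] = classify(os_name, version)
    return results

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Other Chromium-based browsers use their own version numbering, so this check applies to Google Chrome only.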
