Google Chrome users, you need to update your browser right away. The company has just released a fix for a high-severity security flaw actively exploited in the wild. This is the fourth zero-day vulnerability in Chrome that Google has patched this month, and the eighth since the beginning of the year.
Google fixes another actively exploited zero-day Chrome vulnerability
Identified by the CVE (Common Vulnerabilities and Exposures) number CVE-2024-5274, the latest zero-day Chrome vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 20th May. According to the company, it is a high-severity “Type Confusion” bug in V8. It is the browser app’s JavaScript engine that executes JS code.
This vulnerability occurs when a program attempts to access a resource with an incompatible type. The program allocates a resource using one type but later attempts to access it using a type incompatible with the original type. It enables threat actors to launch devastating security attacks on affected devices or programs, including causing a crash, out-of-bounds memory access, and arbitrary code execution.
Google says it is aware of an active exploit for the newly discovered Chrome security bug. Unsurprisingly, it didn’t disclose the technical details about the flaw. This limits potential exploits and gives users time to install the patch before more threat actors devise an exploit. The patch is rolling out with Chrome version 125.0.6422.112/.113 for Windows and Mac and 125.0.6422.112 for Linux.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed,” the company said in a blog post. ” It may share more details in the coming weeks. In the meantime, update Google Chrome on your device to stay safe from this vulnerability and potentially many others.
Regularly update your apps to avoid potential security attacks
You should always keep apps updated to avoid potential security risks. As we have seen on this occasion, and several previous occasions with Google Chrome this month, companies often are caught off guard by threat actors exploiting vulnerabilities before they prepare a fix. Also, make sure to install or update apps from official sources only. Do not click on unknown or suspicious links. To check for the current Chrome version, go to the About section in the Settings menu.
The post Chrome update patches actively exploited zero-day vulnerability appeared first on Android Headlines.