Google has rolled out fixes for a high-severity security vulnerability in its Chrome browser that has reportedly been exploited in real-world scenarios.
Identified as CVE-2024-5274, the flaw is attributed to a type confusion bug within the V8 JavaScript and WebAssembly engine. Google’s Threat Analysis Group member Clément Lecigne and Chrome Security’s Brendon Tiszka reported the issue on May 20, 2024.
Type confusion vulnerabilities pose significant risks: they allow attackers to perform out-of-bounds memory access, leading to crashes and the execution of arbitrary code.
This marks the fourth zero-day vulnerability addressed by Google since the beginning of the month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
While Google has not disclosed detailed technical information about the flaw, it has acknowledged the existence of an exploit for CVE-2024-5274 in the wild. It remains unclear if this vulnerability serves as a patch bypass for CVE-2024-4947, which is also a type confusion bug in V8.
With this latest update, Google has resolved a total of eight zero-day vulnerabilities in Chrome over the past five months, including out-of-bounds memory access and use-after-free bugs.
Users are strongly advised to update their Chrome browser to version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential security risks.
Furthermore, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they become available to ensure their systems remain secure.
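As an added example (not from Google or the original article), the following sketch checks a browser inventory against the fixed build named above. The inventory rows, host names and status labels are constructed for illustration; non-Chrome Chromium browsers are only flagged for a vendor check, because the article gives no fixed versions for them.

```python
# Added example: flag Chrome installs older than the fixed build in the article.
FIXED_CHROME = "125.0.6422.112"  # from the article (Windows/macOS may also show .113)

# Constructed sample inventory rows: (host, os, browser, version). Not real data.
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "chrome", "125.0.6422.113"),
    ("ws-002", "windows", "chrome", "125.0.6422.76"),
    ("mac-01", "macos", "chrome", "124.0.6367.207"),
    ("lnx-01", "linux", "chrome", "125.0.6422.112"),
    ("ws-003", "windows", "edge", "125.0.2535.51"),
    ("ws-004", "windows", "chrome", "unknown"),
]


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None


def classify(browser, version):
    """Hypothetical status labels: patched / vulnerable / unknown / check-vendor."""
    if browser.lower() != "chrome":
        # Other Chromium-based browsers use their own version numbering.
        return "check-vendor"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    # Compare numerically per component; plain string comparison would
    # wrongly rank "125.0.6422.76" above "125.0.6422.112".
    return "patched" if parsed >= parse_version(FIXED_CHROME) else "vulnerable"


def audit(inventory):
    """Map each host to its status."""
    return {host: classify(browser, ver) for host, _os, browser, ver in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.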
Source: thehackernews.com