May 14, 2024 at 10:39AM
Google has released emergency fixes for a high-severity zero-day flaw in the Chrome web browser (CVE-2024-4761) actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine and could allow data corruption, crashes, or execution of arbitrary code. Google urges users to upgrade to Chrome version 124.0.6367.207/.208 to mitigate potential threats.
The meeting notes from May 14, 2024, highlight an emergency update from Google to address a zero-day vulnerability in the Chrome web browser. The high-severity flaw, known as CVE-2024-4761, affects the V8 JavaScript and WebAssembly engine and has been actively exploited in the wild. This out-of-bounds write bug could potentially lead to data corruption, crashes, or the execution of arbitrary code on compromised systems. It’s noted that an exploit for CVE-2024-4761 exists in the wild, and Google has taken steps to withhold details about the attacks to prevent further exploitation. The update is significant as it follows closely on the heels of the patch for CVE-2024-4671, another vulnerability that was exploited in real-world attacks. In light of these developments, users are advised to upgrade to Chrome version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux to mitigate potential threats. Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are urged to apply necessary fixes as they become available.