Google fixes third actively exploited Chrome zero-day in a week

May 16, 2024 at 06:55AM

Google issued an emergency Chrome security update to address a zero-day vulnerability, the third exploited in a week. The fix, released for Mac, Windows, and Linux, is applied automatically, but users can verify it by going to Help > About Google Chrome. Details of the vulnerability, which has been used in attacks, have not been made public while Google keeps restrictions in place. Microsoft also acknowledged similar exploits in its Edge web browser. Seven zero-days have been patched in Chrome this year, each with varying severity and exploitation methods.

The key takeaways are:

1. Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
2. The zero-day flaw (CVE-2024-4947) has been fixed with the release of specific versions for Mac/Windows and Linux, and will roll out to all users in the Stable Desktop channel over the coming weeks.
3. Chrome updates automatically when security patches are available, but users can also manually check for updates through Chrome menu > Help > About Google Chrome.
4. The high-severity zero-day vulnerability (CVE-2024-4947) is caused by a type confusion weakness in the Chrome V8 JavaScript engine.
5. Microsoft is also actively working on releasing a security fix for the Chromium-based Edge web browser.
6. This is the seventh actively exploited zero-day patched in 2024 for Google Chrome.
7. The complete list of zero-days patched in 2024 for Google Chrome is provided, along with details of each vulnerability.
