May 24, 2024 at 05:09AM
Google has released a new Chrome update to fix a high-severity vulnerability, CVE-2024-5274, making it the fourth zero-day patched in two weeks. An exploit exists in the wild, and no bug bounty will be given for the discovery. Google urges users to update to the latest Chrome release, version 125.0.6422.112.
According to the meeting notes, Google has recently rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser. The update patches the fourth zero-day in two weeks: a high-severity flaw, tracked as CVE-2024-5274, which is described as a type confusion in the V8 JavaScript and WebAssembly engine. An exploit for this vulnerability exists in the wild.
The company has credited Clement Lecigne of Google’s Threat Analysis Group (TAG) and Brendon Tiszka of Chrome Security for reporting the flaw. No bug bounty reward will be handed out for the discovery.
Google has resolved a total of eight Chrome zero-days so far this year and has advised users to update to the latest Chrome releases as soon as possible. The latest Chrome iteration is rolling out as version 125.0.6422.112 for Linux and as versions 125.0.6422.112/.113 for Windows and macOS. Chrome for Android versions 125.0.6422.112/.113 have been released with the same security fixes.
The meeting notes also highlight that Chrome vulnerabilities are often exploited by commercial surveillance software vendors and that Google TAG researchers previously reported several zero-days targeted by spyware vendors.
The meeting notes also mention several related articles and updates on the recent Chrome vulnerabilities and patches.
In conclusion, the key takeaways from the meeting notes include the urgency for users to update to the latest Chrome releases, the details of the latest Chrome iteration, and the ongoing efforts by Google to address and patch vulnerabilities in Chrome.