Google Patches Second Chrome Zero-Day in One Week

May 14, 2024 at 07:40AM

Google has patched a second zero-day vulnerability, CVE-2024-4761, in Chrome just days after fixing CVE-2024-4671. Both flaws were exploited in attacks, with CVE-2024-4761 described as a high-severity issue. An anonymous researcher reported the vulnerability, and an exploit for it has been developed, but its effectiveness is unknown. Eight zero-days targeted Chrome in 2023.

Key takeaways from the article:

1. Google has addressed a new zero-day vulnerability, CVE-2024-4761, in its Chrome browser. This vulnerability is a high-severity out-of-bounds write issue in the V8 JavaScript and WebAssembly engine, and an exploit is known to exist in the wild.

2. This is the second zero-day vulnerability addressed by Google within one week, with the first being CVE-2024-4671, a high-severity use-after-free bug in the Visuals component.

3. There are reports of a proof-of-concept (PoC) exploit for CVE-2024-4761, but its effectiveness is currently unclear.

4. Google and Mandiant reported that 97 vulnerabilities were exploited in the wild in 2023, representing a 50% increase from the previous year. Eight of these zero-days targeted Chrome, with 75% attributed to spyware vendors.

5. It is unclear whether the two zero-day vulnerabilities are connected, and Google has not shared additional details about the attacks associated with CVE-2024-4761.
