May 24, 2024 at 07:09AM
Google has released fixes for a high-severity security flaw in its Chrome browser, identified as CVE-2024-5274, which has been exploited in the wild. The vulnerability is related to a type confusion bug in the V8 JavaScript and WebAssembly engine. This marks the fourth zero-day patched by Google this month. Users should upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux. Similar updates are advised for other Chromium-based browsers.
Key takeaways from the meeting notes:
– Google addressed a high-severity security flaw in its Chrome browser, identified as CVE-2024-5274, which was exploited in the wild.
– The vulnerability is related to a type confusion bug in the V8 JavaScript and WebAssembly engine, reported by Clément Lecigne and Brendon Tiszka of Chrome Security on May 20, 2024.
– The fix marks the fourth zero-day patch by Google since the beginning of the month after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
– Google has not disclosed further technical details about the flaw but acknowledged that an exploit for CVE-2024-5274 exists in the wild.
– Users are advised to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS and version 125.0.6422.112 for Linux to mitigate potential threats.
– Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as they become available.