Google Discovers Fourth Zero-Day in Less Than a Month

May 24, 2024 at 11:42AM

Google has addressed a critical high-severity security flaw, CVE-2024-5274, in its Chrome browser. The bug, a type confusion vulnerability in the V8 engine, poses threats such as code execution or access control bypasses. Two researchers, Clément Lecigne and Brendon Tiszka, reported the flaw. It marks Google’s fourth zero-day vulnerability this month. Affected users are urged to update their Chrome browser.

Key Takeaways:

– Google released an update from its Chrome team to address a high-severity security flaw (CVE-2024-5274) that is actively being exploited.
– The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
– Type confusion vulnerabilities can allow threat actors to modify variables to trigger unintended actions, potentially leading to a range of security risks such as code execution and access control bypasses.
– The vulnerability was reported by two researchers from Google Threat Analysis Group and Chrome Security.
– This is the fourth zero-day vulnerability Google has patched this month, with other vulnerabilities including CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.
– Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112; users of Chromium-based browsers should apply fixes as they become available.
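
To check a fleet against the fixed builds listed above, the following added example (not from the article or from Google) classifies browser version strings from an inventory. The host names, inventory rows and the `classify`/`audit` helpers are constructed for illustration; only the fixed build numbers come from the text.

```python
import re

# Minimum fixed Chrome builds for CVE-2024-5274, as stated in the article.
FIXED = {
    "windows": (125, 0, 6422, 112),
    "macos": (125, 0, 6422, 112),
    "linux": (125, 0, 6422, 112),
}

# Chrome versions are four dot-separated integers, e.g. 125.0.6422.112.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def classify(platform, version_string, browser="chrome"):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    if browser.lower() != "chrome":
        # Other Chromium-based browsers use their own version numbering and
        # release schedule, so the Chrome build floor does not apply to them.
        return "check-vendor"
    floor = FIXED.get(platform.lower())
    match = VERSION_RE.search(version_string)
    if floor is None or match is None:
        return "unknown"  # unrecognised platform or unparseable version
    installed = tuple(int(part) for part in match.groups())
    # Compare as integer tuples; string comparison would rank ".77" above ".112".
    return "patched" if installed >= floor else "vulnerable"

# Constructed inventory rows: (host, platform, browser, reported version string).
INVENTORY = [
    ("ws-01", "windows", "chrome", "Google Chrome 125.0.6422.113"),
    ("ws-02", "windows", "chrome", "Google Chrome 125.0.6422.77"),
    ("mac-01", "macos", "chrome", "Google Chrome 124.0.6367.207"),
    ("lnx-01", "linux", "chrome", "Google Chrome 125.0.6422.112"),
    ("ws-03", "windows", "edge", "Microsoft Edge 125.0.2535.51"),
    ("lnx-02", "linux", "chrome", "version unavailable"),
]

def audit(inventory):
    """Map each host to its patch status for CVE-2024-5274."""
    return {host: classify(plat, ver, browser)
            for host, plat, browser, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```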
