Google Company patches again a zero-day vulnerability in its Chrome browser that has already been used in attacks. This fix is the fourth in the last two weeks and the eighth 0-day patch for Chrome this year.
The latest vulnerability has the identifier CVE-2024-5274 and was discovered within the company by Google specialist Clement Lecigne. It is reported that a type confusion problem was identified in the V8 JavaScript engine, which is responsible for executing JS code in the browser.
Advertisement
Vulnerabilities of this type occur when a program allocates a piece of memory to store data of a certain type, but incorrectly interprets it as data of a different type. Typically, such bugs lead to crashes, data corruption, and arbitrary code execution.
The developers warned that they were aware of the existence of an exploit for CVE-2024-5274, and the vulnerability was already under attack.
The fix for this bug is included in Chrome versions 125.0.6422.112/.113 for Windows and Mac, and Linux users should receive the update in version 125.0.6422.112 in the coming weeks.
Let us recall that over the past two weeks, three more zero-day vulnerabilities have been fixed in Chrome: earlier this month, Google engineers released urgent patches for problems CVE-2024-4671, CVE-2024-4761 and CVE-2024-4947.
Advertisement