Google on Thursday rolled out patches to fix a high-severity security flaw in its Chrome browser that it says was wildly exploited.
Assigned CVE ID CVE-2024-5274, the vulnerability is linked to a type confusion bug in the JavaScript and WebAssembly V8 engine. This was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024.
Type confusion vulnerabilities occur when a program attempts to access a resource with an incompatible type. This can have serious consequences because it allows malicious actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.
This development marks the fourth zero day that Google has patched since the start of the month following CVE-2024-4671, CVE-2024-4761 and CVE-2024-4947.
The tech giant did not disclose additional technical details about the flaw, but acknowledged that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It’s unclear whether the flaw is a patch bypass for CVE-2024-4947, which is also a type confusion bug in V8.
With the latest patch, Google has resolved a total of eight zero days resolved by Google in Chrome since the start of the year –
Users are recommended to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply patches as soon as they become available.
News Source : thehackernews.com
Gn tech
/cdn.vox-cdn.com/uploads/chorus_asset/file/25589759/Sony_WF_C510_Earbuds.png?w=390&resize=390,220&ssl=1 "Sony’s new budget wireless headphones give you voice isolation and quick pairing")
