If you’re a Google Chrome user, you should make sure that you’re on 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux. If you’re not, update ASAP as this update addresses a zero day vulnerability that is being actively exploited. Here’s what Google said:
This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20
Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Fun fact, this is the fourth zero day that Google has patched this month. Here are the other three:
- CVE-2024-4947 patched on 15 May. This was another type confusion flaw in V8 that was reported by Vasily Berdnikov and Boris Larin of Kaspersky Lab and which was used in targeted attacks according to Kaspersky.
- CVE-2024-4761 patched on 13 May. An out of bounds memory write in V8 reported by an Anonymous researcher.
- CVE-2024-4671 patched on 9 May. A use after free flaw in the browser’s Visuals component that was reported by an Anonymous researcher.
So if you haven’t updated Chrome, consider this a today problem.
Like this:
Like Loading...
Related
This entry was posted on May 27, 2024 at 11:07 am and is filed under Commentary with tags Google. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Make Sure You Update Chrome ASAP To Mitigate An Actively Exploited Vulnerability…. Along With Some Others
If you’re a Google Chrome user, you should make sure that you’re on 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux. If you’re not, update ASAP as this update addresses a zero day vulnerability that is being actively exploited. Here’s what Google said:
This update includes 1 security fix. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20
Google is aware that an exploit for CVE-2024-5274 exists in the wild.
Fun fact, this is the fourth zero day that Google has patched this month. Here are the other three:
So if you haven’t updated Chrome, consider this a today problem.
Share this:
Like this:
Related
This entry was posted on May 27, 2024 at 11:07 am and is filed under Commentary with tags Google. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.