Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component.
Sixth zero-day exploited in attacksThis latest Google Chrome vulnerability is the sixth zero-day bug discovered and fixed in the popular web browser since the start of the year.
We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.
Chrome zero-day flaws fixed in 2024 so far include:
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component.
The latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.
Out-of-bounds write issues occur when a program is allowed to write data outside the specified array or buffer, potentially leading to unauthorized data access, arbitrary code execution, or program crashes.
“Google is aware that an exploit for CVE-2024-4761 exists in the wild,” reads the advisory.
The company fixed the security flaw with the release of 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux. The updates will roll out to all users over the coming days/weeks.
For users of the ‘Extended Stable’ channel, fixes will be made available in version 124.0.6367.207 for Mac and Windows.
Chrome updates automatically when a security update is available, but users can confirm they’re running the latest version by going to Settings > About Chrome, letting the update finish, and then clicking on the ‘Relaunch’ button to apply it.
Sixth zero-day exploited in attacks
This latest Google Chrome vulnerability is the sixth zero-day bug discovered and fixed in the popular web browser since the start of the year.
The company notes that an anonymous researcher reported the flaw on May 9, 2024, but no further details have been disclosed at this time.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.
Chrome zero-day flaws fixed in 2024 so far include:
