Google Chrome is targeted frequently by hackers and malware developers, not only because it open-source through the Chromium project, but also because it’s the most widely-used browser in the world. Other browsers using the same engine, such as Microsoft Edge and Vivaldi, makes it an even bigger target. Yet another Chrome zero-day that was being exploited in the wild was just patched, so you might want to update your browser.
Google has released an emergency security update for its Chrome browser to address a critical vulnerability, tracked as CVE-2024-5274. This marks the eighth actively exploited zero-day flaw discovered in Chrome this year, and the third this month alone. The vulnerability, a high-severity “type confusion” issue in Chrome’s V8 JavaScript engine, could allow attackers to execute arbitrary code on a user’s system. Google has confirmed that an exploit for this flaw exists in the wild, so if you haven’t already, you should probably go ahead and download that emergency update on your device now.
While technical details about the vulnerability remain undisclosed to protect users (tipping off even more malicious actors about the vulnerability would be unwise), Google says that a fix is now available for Chrome’s Stable channel on Windows, Mac, and Linux. Make sure to check for updates on your browser now and install the update promptly, as well as relaunch your browsers to ensure protection. It’s especially important to do it if you haven’t done it in a while, as you might be affected by other patched vulnerabilities.
Many of the zero-days that have been patched this year allow for arbitrary code execution under several circumstances, which means that the vulnerabilities serve as a pathway for malicious actors to execute code, such as malware, on your browser and on your computer. They’re all bad, and they’re all vulnerabilities that you want to fix now. This latest patch comes amidst Google’s recent decision to reduce the frequency of Chrome security updates from twice to once a week.
Make sure to download the update if you haven’t done so already. You should see an update notification in Chrome’s manu menu if one is available.
Source: Bleeping Computer
