Google Discovers Active Attack on May's Fourth Chrome Zero-Day: Update Immediately
Google released updates for its Chrome browser on Thursday to address a high-severity security vulnerability that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2024-5274, is a type confusion bug in V8, Chrome's JavaScript and WebAssembly engine. Brendon Tiszka of Chrome Security and Clément Lecigne of Google's Threat Analysis Group reported it on May 20, 2024.
Type confusion occurs when a program tries to access a resource using an incompatible type. It can have serious consequences because it can let threat actors perform out-of-bounds memory access, crash the program, and run arbitrary code.
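An added illustration, not taken from Google's advisory or from this article: a constructed toy tagged-value model in C showing why interpreting a payload as the wrong type makes a bounds check meaningless, next to a version that verifies the type first. All names here (`value_t`, `index_ok_unchecked`, `index_ok_checked`) are hypothetical and unrelated to V8's actual internals; an IEEE 754 `double` is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model, unrelated to V8 internals: a tag says how to
 * interpret the 8-byte payload that follows it. */
typedef enum { TAG_NUMBER, TAG_ARRAY } tag_t;

typedef struct {
    tag_t tag;
    union {
        double   number;        /* meaningful only when tag == TAG_NUMBER */
        uint64_t array_length;  /* meaningful only when tag == TAG_ARRAY  */
    } as;
} value_t;

static value_t make_number(double d) {
    value_t v; v.tag = TAG_NUMBER; v.as.number = d; return v;
}

static value_t make_array(uint64_t length) {
    value_t v; v.tag = TAG_ARRAY; v.as.array_length = length; return v;
}

/* Confused path: trusts that v is an array. Given a number, the bits of
 * the double are read as a length, so the bounds check is meaningless. */
static int index_ok_unchecked(const value_t *v, uint64_t idx) {
    return idx < v->as.array_length;
}

/* Hardened path: confirm the type before interpreting the payload. */
static int index_ok_checked(const value_t *v, uint64_t idx) {
    if (v->tag != TAG_ARRAY)
        return 0;
    return idx < v->as.array_length;
}

int main(void) {
    value_t arr = make_array(4);
    value_t num = make_number(1.0);  /* IEEE 754 bits: 0x3FF0000000000000 */

    printf("array, idx 4:        unchecked=%d checked=%d\n",
           index_ok_unchecked(&arr, 4), index_ok_checked(&arr, 4));
    printf("number, idx 1000000: unchecked=%d checked=%d\n",
           index_ok_unchecked(&num, 1000000), index_ok_checked(&num, 1000000));
    return 0;
}
```

For a real array both checks agree; for the number, the unchecked path accepts an index far beyond any real storage, which is how a wrong-type read turns into out-of-bounds memory access.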
With this fix, Google has now addressed four zero-day vulnerabilities in Chrome this month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
The IT giant confirmed that it "is aware that an attack for CVE-2024-5274 exists in the wild," but it did not provide any further technical details about the vulnerability. It is unclear whether the flaw is a bypass of the patch for CVE-2024-4947, which is also a type confusion bug in V8.
With the most recent patch, Google has fixed eight zero-day vulnerabilities in Chrome since the beginning of the year.