Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.

Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024.

Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. This can have serious consequences, as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

The development marks the fourth zero-day that Google has patched since the start of the month, after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

The tech giant did not disclose additional technical details about the flaw, but acknowledged that it "is aware that an exploit for CVE-2024-5274 exists in the wild." It is not clear if the shortcoming is a patch bypass for CVE-2024-4947, which is also a type confusion bug in V8.

With the latest fix, Google has resolved a total of eight zero-days in Chrome since the start of the year:

  • CVE-2024-0519 – Out-of-bounds memory access in V8
  • CVE-2024-2886 – Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
  • CVE-2024-2887 – Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
  • CVE-2024-3159 – Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
  • CVE-2024-4671 – Use-after-free in Visuals
  • CVE-2024-4761 – Out-of-bounds write in V8
  • CVE-2024-4947 – Type confusion in V8

Users are advised to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
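
As an added example (not part of the original article and not Google tooling), the Python below triages a browser inventory against the fixed Chrome builds named above. The `host,os,browser,version` inventory format, the hostnames and the sample versions are constructed for illustration; since the article gives no fixed versions for Edge, Brave, Opera or Vivaldi, those installs are flagged for a vendor check rather than compared.

```python
import re

# Fixed Chrome builds named in the article. Windows and macOS shipped as
# .112/.113, so .112 is the lowest patched build on every platform.
FIXED_CHROME = {os_: (125, 0, 6422, 112) for os_ in ("windows", "macos", "linux")}
# Chromium-based browsers the article lists; it gives no fixed versions for them.
CHROMIUM_BASED = {"edge", "brave", "opera", "vivaldi"}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if not MAJOR.MINOR.BUILD.PATCH."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(os_name, browser, version):
    """Return 'patched', 'vulnerable', 'check-vendor' or 'unknown'."""
    browser, os_name = browser.lower(), os_name.lower()
    if browser in CHROMIUM_BASED:
        return "check-vendor"  # verify against the vendor's own fixed release
    parsed = parse_version(version)
    if browser != "chrome" or os_name not in FIXED_CHROME or parsed is None:
        return "unknown"  # never report an unparseable version as patched
    # Tuple comparison is numeric per component, so 125.0.6422.76 sorts
    # below 125.0.6422.112; a plain string comparison would get this wrong.
    return "patched" if parsed >= FIXED_CHROME[os_name] else "vulnerable"

def triage(inventory_csv):
    """Map hostname -> status for 'host,os,browser,version' lines."""
    result = {}
    for line in inventory_csv.strip().splitlines():
        host, os_name, browser, version = [f.strip() for f in line.split(",")]
        result[host] = classify(os_name, browser, version)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-01,Windows,Chrome,125.0.6422.113
ws-02,Windows,Chrome,125.0.6422.76
mac-01,macOS,Chrome,124.0.6367.207
lnx-01,Linux,Chrome,125.0.6422.112
ws-03,Windows,Edge,125.0.2535.51
lnx-02,Linux,Chrome,125.0.6422
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a truncated or malformed version string and should be re-inventoried, not assumed safe.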

Some parts of this article are sourced from:
thehackernews.com
