
Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP

May 24, 2024

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.

Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024.

Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. They can have serious consequences, as they allow threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.


The development marks the fourth zero-day that Google has patched since the start of the month, after CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.


The tech giant did not disclose additional technical details about the flaw, but acknowledged that it "is aware that an exploit for CVE-2024-5274 exists in the wild." It's not clear if the shortcoming is a patch bypass for CVE-2024-4947, which is also a type confusion bug in V8.

With the latest fix, Google has resolved a total of eight zero-days in Chrome since the start of the year:

  • CVE-2024-0519 – Out-of-bounds memory access in V8
  • CVE-2024-2886 – Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
  • CVE-2024-2887 – Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
  • CVE-2024-3159 – Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
  • CVE-2024-4671 – Use-after-free in Visuals
  • CVE-2024-4761 – Out-of-bounds write in V8
  • CVE-2024-4947 – Type confusion in V8

Users are advised to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
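An added example, not from the original article or from Google: a small Python triage over a constructed host inventory that flags Google Chrome installs older than the fixed build named above. Host names, sample version strings and function names are assumptions; it covers Google Chrome only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Minimum patched Chrome build per platform, as stated in the article.
FIXED_BUILD = {
    "windows": (125, 0, 6422, 112),
    "macos": (125, 0, 6422, 112),
    "linux": (125, 0, 6422, 112),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_chrome_version(text):
    """Extract a four-part version from text such as 'Google Chrome 125.0.6422.76'.

    Returns a tuple of ints, or None when no version is present.
    """
    m = _VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None


def assess(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory row."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_chrome_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Compare as integer tuples: as plain strings, "...6422.76" would sort
    # after "...6422.112" and an outdated build would pass as patched.
    return "patched" if version >= fixed else "outdated"


def triage(rows):
    """Group host names by assessment result."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for host, platform, version_text in rows:
        result[assess(platform, version_text)].append(host)
    return result


# Constructed sample inventory (hosts and reported versions are made up).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 125.0.6422.113"),
    ("ws-002", "Windows", "Google Chrome 125.0.6422.76"),
    ("mac-01", "macOS", "Google Chrome 125.0.6422.112"),
    ("lnx-01", "Linux", "Google Chrome 124.0.6367.207"),
    ("lnx-02", "Linux", "Google Chrome 126.0.6478.36"),
    ("kiosk-9", "ChromeOS", "125.0.6422.112"),
    ("ws-003", "Windows", "version string missing"),
]
```

Rows reported as `unknown` (a platform the article gives no fixed build for, or an unparseable version) need a manual check and should not be treated as patched.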



Some parts of this article are sourced from:
thehackernews.com
