Google on Monday transported emergency fixes to handle a new zero-working day flaw in the Chrome web browser that has appear beneath energetic exploitation in the wild.
The significant-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds publish bug impacting the V8 JavaScript and WebAssembly motor. It was claimed anonymously on May 9, 2024.
Out-of-bounds compose bugs could be typically exploited by malicious actors to corrupt info, or induce a crash or execute arbitrary code on compromised hosts.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Google is knowledgeable that an exploit for CVE-2024-4761 exists in the wild,” the tech large claimed.
Further specifics about the nature of the attacks have been withheld to reduce additional threat actors from weaponizing the flaw.
The disclosure comes simply times right after the corporation patched CVE-2024-4671, a use-just after-cost-free vulnerability in the Visuals component that has been exploited in actual-globe attacks.
With the hottest repair, Google has resolved a full of six zero-days given that the start off of the yr, a few of which have been shown at the Pwn2Own hacking contest in Vancouver in March –
- CVE-2024-0519 – Out-of-bounds memory obtain in V8 (actively exploited)
- CVE-2024-2886 – Use-just after-absolutely free in WebCodecs
- CVE-2024-2887 – Variety confusion in WebAssembly
- CVE-2024-3159 – Out-of-bounds memory accessibility in V8
- CVE-2024-4671 – Use-following-totally free bug in Visuals (actively exploited)
Customers are proposed to update to Chrome variation 124..6367.207/.208 for Windows and macOS, and model 124..6367.207 for Linux to mitigate opportunity threats.
Consumers of Chromium-based browsers such as Microsoft Edge, Courageous, Opera, and Vivaldi are also advised to apply the fixes as and when they turn into offered.
Uncovered this posting attention-grabbing? Abide by us on Twitter and LinkedIn to read through extra exceptional written content we write-up.
Some components of this posting are sourced from:
thehackernews.com