Google has released Chrome version 125.0.6422.112/113 to address a critical zero-day vulnerability in the V8 JavaScript and WebAssembly engine.

Description

Google released this update to patch a zero-day vulnerability, tracked as CVE-2024-5274 [1] [2] [4], in the V8 JavaScript and WebAssembly engine [2] [4]. The vulnerability is a critical type confusion bug [4] that lets attackers exploit unintended behavior [5], potentially compromising user data [1]. It is the fourth zero-day vulnerability Google has addressed this month and the eighth in 2024. Security researchers from Google reported that attackers are actively exploiting the vulnerability, which prompted the swift release of a patch. During the development cycle, security researchers collaborated with Google to prevent security bugs from reaching the stable channel [3]. Users are strongly advised to upgrade to the latest Chrome version to protect against remote code execution attacks. Other Chromium-based browsers are expected to release fixes soon [2].

Conclusion

The active exploitation of this zero-day vulnerability highlights the importance of timely software updates and the collaboration between security researchers and developers. Users should prioritize updating their browsers to the latest version to mitigate the risk of potential data compromise. This incident also underscores the ongoing challenges in maintaining cybersecurity in the face of evolving threats.

References

[1] https://www.bitdefender.com.au/blog/hotforsecurity/update-your-chrome-browser-google-patches-yet-another-critical-v8-security-bug-exploited-by-hackers-in-the-wild/
[2] https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
[3] https://chromereleases.googleblog.com/2024/
[4] https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month
[5] https://www.scmagazine.com/news/google-patches-fourth-zero-day-this-month-eighth-so-far-in-2024