Google Discovers Fourth Zero-Day in Less Than a MonthGoogle Discovers Fourth Zero-Day in Less Than a Month
The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.

Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild.
The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
These type confusion vulnerabilities, also known as type manipulation, can occur when a threat actor modifies a variable in order to trigger an unintended action. This can enable a threat actor to cause a crash, execute arbitrary code, or access control bypasses, among other capabilities.
The vulnerability was reported by two researchers: Google Threat Analysis Group's Clément Lecigne and Chrome Security's Brendon Tiszka.
This is the fourth zero-day vulnerability that Google has had to patch this month alone. The other vulnerabilities include CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.
Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112. Chromium-based users should apply fixes as they become available, Google added.
About the Author
You May Also Like
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025