Google Discovers Fourth Zero-Day in Less Than a Month
The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.
![The google search bar on a monitor screen. The "l" is replaced by a woman holding a bow and shooting an arrow at the "o" The google search bar on a monitor screen. The "l" is replaced by a woman holding a bow and shooting an arrow at the "o"](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltcd0662bf2d1b3065/65a022947be768040a211a45/google_search_dpa_picture_alliance_Alamy.jpg?width=850&auto=webp&quality=95&format=jpg&disable=upscale)
Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild.
The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
These type confusion vulnerabilities, also known as type manipulation, can occur when a threat actor modifies a variable in order to trigger an unintended action. This can enable a threat actor to cause a crash, execute arbitrary code, or access control bypasses, among other capabilities.
The vulnerability was reported by two researchers: Google Threat Analysis Group's Clément Lecigne and Chrome Security's Brendon Tiszka.
This is the fourth zero-day vulnerability that Google has had to patch this month alone. The other vulnerabilities include CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.
Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112. Chromium-based users should apply fixes as they become available, Google added.
About the Author(s)
You May Also Like
Black Hat USA - Aug 3-8 - The Premier Technical Cybersecurity Conference - Learn More
August 3, 2024Anatomy of a Data Breach - Dark Reading June 20 Event
June 20, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024