Google is fixing the sixth actively exploited zero-day vulnerability in Chrome this year.


Google recently released emergency security updates to address an actively exploited zero-day vulnerability in the Chrome browser, tracked as CVE-2024-4761. The vulnerability is an out-of-bounds write issue affecting the V8 JavaScript engine used in the Google browser. Developers have confirmed that it is already being exploited in real-world attacks. The notification states: "CVE-2024-4761: Write outside the allocated area in V8. Reported by an anonymous source on 2024-05-09."

Because the vulnerability is being actively exploited in cyberattacks, the company urgently released updates for version 124.0.6367.207/.208 for Mac and Windows operating systems, as well as 124.0.6367.207 for Linux. Important updates will be gradually rolled out to all users over the coming days and weeks. The vulnerability CVE-2024-4671 became the sixth this year to be used in attacks and fixed by the IT giant.

As in previous cases, Google does not disclose the details of the attacks that exploit this vulnerability.

According to the additional notice, access to bug details and related links may remain restricted until the majority of users have updated to the fixed version. Google will also maintain restrictions if the vulnerability is in a third-party library that other projects depend on and have not yet fixed.

A list of actively exploited zero-day vulnerabilities in the Chrome browser that have been fixed this year:

  • CVE-2024-0519: memory access violation in the Chrome JavaScript engine (January 2024).
  • CVE-2024-2887: type confusion error found in WebAssembly. The vulnerability was demonstrated by Manfred Paul at Pwn2Own 2024 (March 2024).
  • CVE-2024-2886: use-after-free issue in WebCodecs. This vulnerability was demonstrated by Seunghyun Lee (@0x10n) from Hacking Lab KAIST during Pwn2Own 2024 (March 2024).
  • CVE-2024-3159: out-of-bounds memory access in the V8 JavaScript engine. The vulnerability was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks at Pwn2Own 2024 on March 22, 2024.
  • CVE-2024-4671: use-after-free error related to visualization components (May 2024).

Stay updated, follow me on Twitter: @securityaffairs, as well as on Facebook and Mastodon. Pierluigi Paganini (SecurityAffairs – hacking, Chrome).
