Google is addressing the fifth actively exploited zero-day vulnerability in Chrome this year.

Since the beginning of 2024, Google has released an update aimed at addressing the fifth actively exploited zero-day vulnerability in the Chrome browser. This week, the company announced security fixes related to the vulnerability, which has been designatedCVE-2024-467This is already the fifth zero-day vulnerability that has been actively exploited by attackers since the beginning of this year. This vulnerability is related to a use-after-free issue and is present in the browser's rendering component. An anonymous researcher reported this flaw on May 7, 2024. An official notice from Google confirms that there is exploit code for it.CVE-2024-467In open channels. As is often the case, the tech giant did not provide detailed information on how exactly the attack exploiting this vulnerability is carried out.

The corporation promptly resolved this issue with updates version 124.0.6367.201 and 124.0.6367.202 for Mac and Windows operating systems, as well as 124.0.6367.201 for Linux. These updates will be gradually rolled out over the next few days and weeks.

Other zero-day vulnerabilities in the Chrome browser that were fixed this year:

• CVE-2024-0519: memory access error outside the allowable range in the JavaScript engine of the Chrome browser. (January 2024)
• CVE-2024-2887There is a type confusion issue present in WebAssembly.

Follow my updates on Twitter: @securityaffairs, as well as on Facebook and Mastodon. Pierluigi Paganini (SecurityAffairs – hacking, Google)