Google on Monday released an emergency fix to address a new zero-day vulnerability in its Chrome web browser that has been widely exploited.
High severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write error affecting the V8 JavaScript and WebAssembly engines. The news was reported anonymously on May 9, 2024.
Out-of-bounds write errors can often be exploited by malicious actors to corrupt data, cause a crash, or execute arbitrary code on a compromised host.
“Google is aware of the vulnerability CVE-2024-4761,” the tech giant said.
Further details about the nature of the attack have been withheld to prevent more threat actors from weaponizing the flaw.
The disclosure comes just days after the company patched CVE-2024-4671, a use-after-free vulnerability in the Visuals component that has also been exploited in real-world attacks.
With the latest fixes, Google has addressed a total of six zero-day vulnerabilities since the start of the year, three of which were showcased at the Pwn2Own hacking competition in Vancouver in March –
Users are recommended to upgrade to Chrome version 124.0.6367.207/.208 on Windows and macOS and to Chrome version 124.0.6367.207 on Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply fixes when they become available.
