Urgent Chrome Security Update Released to Address Zero-Day Vulnerability CVE-2024-5274
In a swift response to a critical security threat, Google has released an emergency update for its Chrome browser, aimed at addressing a zero-day vulnerability actively exploited in the wild. The high-severity flaw, identified as CVE-2024-5274, is rooted in a type confusion weakness within the Chrome V8 JavaScript engine.
The vulnerability was reported by Clément Lecigne from Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security. Both groups are dedicated to shielding Google customers from state-sponsored cyber attacks. According to Google’s security advisory, published on Thursday, there is concrete evidence of the vulnerability being exploited in real-world attacks. However, specifics about these incidents remain undisclosed by the company at this time.
The CVE-2024-5274 vulnerability is classified as high-severity due to its potential to allow attackers to execute arbitrary code on vulnerable systems. Such exploits can lead to a variety of malicious activities, including data theft, system corruption, and unauthorized access to sensitive information.
Google has urged all Chrome users to upgrade to version 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux. This new version includes the necessary patch to protect against the CVE-2024-5274 vulnerability.
Users can manually check for updates and install the latest version by navigating to the Chrome menu > Help > About Google Chrome. The browser will also automatically search for updates and install them upon restart, ensuring users are protected without the need for direct intervention.