Google Discovers Fourth Zero-Day in Less Than a Month

Original Source: Dark Reading

Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild.

The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

These type confusion vulnerabilities, also known as type manipulation, can occur when a threat actor modifies a variable in order to trigger an unintended action. This can enable a threat actor to cause a crash, execute arbitrary code, or access control bypasses, among other capabilities.

The vulnerability was reported by two researchers: Google Threat Analysis Group's Clément Lecigne and Chrome Security's Brendon Tiszka.

This is the fourth zero-day vulnerability that Google has had to patch this month alone. The other vulnerabilities include CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.

Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112. Chromium-based users should apply fixes as they become available, Google added.

Source URL: https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month

Author: External News-Site