Threat Advisory

Google Chrome Zero-Day Vulnerability Exploited in the Wild

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY

A newly discovered vulnerability, known as CVE-2024-4761, poses a significant risk to users of Google Chrome and other Chromium-based browsers. This high-severity flaw, affecting the V8 JavaScript and WebAssembly engine, allows for out-of-bounds write exploits. Exploitation of such vulnerabilities can lead to data corruption, system crashes, or the execution of malicious code on affected devices. Notably, Google has confirmed the existence of an exploit in the wild, underlining the urgent need for users to apply the provided emergency fixes. Furthermore, recent history underscores the importance of timely updates, as this disclosure closely follows the patching of CVE-2024-4671, another vulnerability recently exploited in real-world attacks. While specific details about the ongoing attacks remain undisclosed to prevent further exploitation, users are strongly advised to promptly install the provided patches as they become available to mitigate the risk of compromise.

RECOMMENDATION:

  • We strongly recommend you upgrade Chrome to version 124.0.6367.207/.208 for Windows and macOS, and to version 124.0.6367.207 for Linux.

REFERENCES:

The following reports contain further technical details:
https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html

crossmenu