Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024
May 24, 2024
Vulnerability / Browser Security
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274 , the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024. Type confusion vulnerabilities occur when a program attempts to access a resource with an incompatible type. It can have serious consequences as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code. The development marks the fourth zero-day that Google has patched since the start of the month after CVE-2024-4671 , CVE-2024-4761 , and CVE-2024-4947 . The tech giant did not disclose additional technical details about the flaw, but acknowledged that it "is aware that an exploit for CVE-2024-5274 exists in the wild