Google Discovers Fourth Zero-Day in Less Than a Month

The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.

Dark Reading Staff, Dark Reading

May 24, 2024


Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that is being actively exploited in the wild.

The bug is classified as critical and is a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.

Type confusion vulnerabilities, also known as type manipulation, can occur when a threat actor modifies a variable in order to trigger an unintended action. This can enable a threat actor to cause a crash, execute arbitrary code, or bypass access controls, among other capabilities.

The vulnerability was reported by two researchers: Google Threat Analysis Group's Clément Lecigne and Chrome Security's Brendon Tiszka.

This is the fourth zero-day vulnerability that Google has had to patch this month alone. The other vulnerabilities include CVE-2024-4947, CVE-2024-4761, and CVE-2024-4671.

Google recommends that Windows and macOS users upgrade to Chrome version 125.0.6422.112/.113 and Linux users to version 125.0.6422.112. Users of Chromium-based browsers should apply fixes as they become available, Google added.
