Security News > 2024 > May > Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
Chrome updates automatically when a security update is available, but users can confirm they're running the latest version by going to Settings > About Chrome, letting the update finish, and then clicking on the 'Relaunch' button to apply it.
This latest Google Chrome vulnerability is the sixth zero-day bug discovered and fixed in the popular web browser since the start of the year.
CVE-2024-0519: A high-severity out-of-bounds memory access weakness within the Chrome V8 JavaScript engine, allowing remote attackers to exploit heap corruption via a specially crafted HTML page, leading to unauthorized access to sensitive information.
CVE-2024-3159: A high-severity vulnerability caused by an out-of-bounds read in the Chrome V8 JavaScript engine.
Google fixes fifth Chrome zero-day exploited in attacks this year.
News URL
Related news
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-06 | CVE-2024-3159 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. | 8.8 |
| 2024-01-16 | CVE-2024-0519 | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |