Security News > 2024 > May > Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.
As per usual, Google keeps technical details of the vulnerability under wraps.
The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.
The zero-day has been fixed in Chrome 125.0.6422.112/.113 and 125.0.6422.112.
Depending on the operating system you use and whether you have disabled the auto-updating feature or not, you can implement the update manually or you can close and reopen the browser and Google will do that for you.
Earlier this month, Google fixed three exploited zero-days in less than a week.
News URL
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
Related news
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)