Security News > 2024 > May > Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.
As per usual, Google keeps technical details of the vulnerability under wraps.
The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.
The zero-day has been fixed in Chrome 125.0.6422.112/.113 and 125.0.6422.112.
Depending on the operating system you use and whether you have disabled the auto-updating feature or not, you can implement the update manually or you can close and reopen the browser and Google will do that for you.
Earlier this month, Google fixed three exploited zero-days in less than a week.
News URL
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
Related news
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- After Chrome patches zero-day used to target Russians, Firefox splats similar bug (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)