Security News > 2024 > May > Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.
As per usual, Google keeps technical details of the vulnerability under wraps.
The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.
The zero-day has been fixed in Chrome 125.0.6422.112/.113 and 125.0.6422.112.
Depending on the operating system you use and whether you have disabled the auto-updating feature or not, you can implement the update manually or you can close and reopen the browser and Google will do that for you.
Earlier this month, Google fixed three exploited zero-days in less than a week.
News URL
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
Related news
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)