Security News > 2024 > May > Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.
As per usual, Google keeps technical details of the vulnerability under wraps.
The fact that the vulnerability has been reported by security researcher Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of its Chrome Security team seems to indicate that the zero-day is also being actively exploited by attackers.
The zero-day has been fixed in Chrome 125.0.6422.112/.113 and 125.0.6422.112.
Depending on the operating system you use and whether you have disabled the auto-updating feature or not, you can implement the update manually or you can close and reopen the browser and Google will do that for you.
Earlier this month, Google fixed three exploited zero-days in less than a week.
News URL
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes eighth actively exploited Chrome zero-day this year (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)