Google patches fourth actively exploited Chrome flaw in two weeks
Take action: Yes, this is ridiculous. Maybe try using Mozilla Firefox as an alternative? No guarantees that it will be much better, but four exploitable fixes in a week tells something about Google's QA testing process.
Learn More
Google has released another Chrome update to address yet another actively exploited vulnerability, marking the fourth zero-day flaw patched within two weeks.
The flaw is tracked as CVE-2024-5274 (CVSS score 7.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Google acknowledged the active exploitation of CVE-2024-5274 but has not provided specific details on the vulnerability or its exploitation in the wild.
Google is rolling out fixes as version 125.0.6422.112 for Linux and as versions 125.0.6422.112/.113 for Windows and macOS.
CVE-2024-5274 follows the recent patching of three other vulnerabilities:
- CVE-2024-4671 (use-after-free in Visuals),
- CVE-2024-4761 (out-of-bounds write in V8),
- CVE-2024-4947 (type confusion in V8).
