Google has released an update for Chrome that fixes a serious vulnerability that has been exploited in the wild. This is the eighth zero day that Google has patched in Chrome in the last five months.
The latest flaw (CVE-2024-5274) is a type confusion bug in the V8 engine in Chrome, and one of Google’s Threat Analysis Group researchers, Clément Lecigne, discovered and reported the flaw. Google does not typically publish technical details of Chrome vulnerabilities immediately, giving users a chance to upgrade before attackers get their hands on the bug, so the specifics of the bug are not public right now.
But any vulnerability discovered by researchers from TAG should be taken seriously. TAG is Google’s internal team that tracks the activities of high-level attack groups, including state-backed actors, so when they discover a new bug being exploited in the wild, it’s usually something that’s been used by one of those groups.
Google patched another type confusion zero day (CVE-2024-4947) in V8 just last week ans has addressed several other actively exploited vulnerabilities in Chrome this year, as well. Ussers should upgrade Chrome as soon as possible to address this latest flaw.