Update Your Chrome Browser Now, Google Found Its 4th Zero Day Flaw This Month
Before you wrap up the week and fully settle into weekend mode—especially with this being a holiday weekend—do yourself a solid and update your Chrome browser. At the risk of sounding like a broken record, there's a zero day flaw (another one) that, if left unpatched, leaves you susceptible to all kind of things that you don't want to happen.
Tracked as CVE-2024-5274, this is a "type confusion in V8" vulnerability with a High security rating. V8 is the JavaScript engine that drives Chrome's handling of JavaScript code, while a type confusion error is when a program accesses a resource in a way that is incompatible with how it's supposed to be accessed, leading to out-of-bounds memory access.
While it may sound like a minor thing, these types of flaws can lead to annoyances such as a browser crash and/or data corruption, or be more serious and enable a remote attacker to execute arbitrary code to steal your data, spy on sensitive information, or install malware.
Google isn't sharing a ton of details on the exploit at the moment, which is standard practice until a large number of Chrome users have had a chance to update their browser. However, it did confirm that the an exploit for CVE-2024-5274 exists in the wild, meaning that hackers are actively targeting unpatched Chrome builds.
This is the fourth zero day flaw in Chrome in May alone, and the eighth to be discovered so far this year. Others include CVE-2024-0519 (out-of-bounds memory access in V8), CVE-2024-2886 (user-after-free in WebCodecs), CVE-2024-2887 (type confusion in WebAssembly), CVE-2024-3159 (out-of-bounds memory access in V8), CVE-2024-4671 (user-after-free in Visuals), CVE-2024-4761 (out-of-bounds write in V8), and CVE-2024-4947 (type confusion in V8).
Three of those—2886, 2887, and 3159—were discovered during this year's Pwn2Own security event. While you can wait around for Chrome to automatically patch itself, your best bet is to initiate a manual update. You can do this by clicking on the three vertical dots in the upper-right corner and navigating to Help > About Chrome.
This will prompt Chrome to search for, fetch, and install the latest build, which at the time of this writing is version 125.0.6422.113 in Windows. Let it install then click the relaunch button, with will update Chrome and reload all of your open tabs. Just be sure to save any in-browser work first.
