New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation


Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild.

The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.

Out-of-bounds write bugs can typically be exploited by malicious actors to corrupt data, induce a crash, or execute arbitrary code on compromised hosts.

“Google is aware that an exploit for CVE-2024-4761 exists in the wild,” the tech giant said.

Additional details about the nature of the attacks have been withheld to prevent more threat actors from weaponizing the flaw.

The disclosure comes merely days after the company patched CVE-2024-4671, a use-after-free vulnerability in the Visuals component that has also been exploited in real-world attacks.

With the latest fix, Google has addressed a total of six zero-days since the start of the year, three of which were demonstrated at the Pwn2Own hacking contest in Vancouver in March:

CVE-2024-0519 – Out-of-bounds memory access in V8 (actively exploited)
CVE-2024-2886 – Use-after-free in WebCodecs
CVE-2024-2887 – Type confusion in WebAssembly
CVE-2024-3159 – Out-of-bounds memory access in V8
CVE-2024-4671 – Use-after-free in Visuals (actively exploited)

Users are advised to upgrade to Chrome version 124.0.6367.207/.208 for Windows and macOS, and version 124.0.6367.207 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
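
For teams verifying the upgrade across a fleet, the sketch below is an added example (not part of the original article or any Google tooling) that flags Google Chrome installs older than the fixed build named above. The inventory rows, host names, and status labels are constructed for illustration; other Chromium-based browsers use their own version numbering, so they are routed to a vendor check instead of being compared.

```python
import re

# Lowest fixed build named in the article (Windows, macOS and Linux).
FIXED_BUILD = (124, 0, 6367, 207)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part version from strings like 'Google Chrome 124.0.6367.201'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(product, version_text):
    """Return 'patched', 'needs-update', 'unknown' or 'check-vendor' (labels are this example's)."""
    if product.strip().lower() not in ("chrome", "google chrome"):
        # Edge, Brave, Opera and Vivaldi number their releases differently.
        return "check-vendor"
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Integer tuples compare numerically, so build .99 sorts below .207
    # (a plain string comparison would get this wrong).
    return "patched" if version >= FIXED_BUILD else "needs-update"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, product, version_text)."""
    return {host: classify(product, ver) for host, product, ver in inventory}


# Constructed inventory rows, e.g. as exported from an asset-management tool.
SAMPLE = [
    ("ws-01", "Google Chrome", "Google Chrome 124.0.6367.201"),
    ("ws-02", "Google Chrome", "124.0.6367.207"),
    ("mac-03", "Google Chrome", "Google Chrome 124.0.6367.208"),
    ("ws-04", "Google Chrome", "125.0.6422.60"),
    ("ws-05", "Microsoft Edge", "124.0.2478.97"),
    ("ws-06", "Google Chrome", "n/a"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be treated as unverified rather than patched.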


The Hacker News
