Sunday, May 19, 2024

New Google Chrome Zero-day Exploited in the Wild, Patch Now!

Google has issued an urgent security update for its Chrome browser after discovering a zero-day vulnerability that is currently being exploited by attackers.

The vulnerability, tracked as CVE-2024-4761, affects the V8 JavaScript engine and could potentially allow attackers to execute arbitrary code on the user’s computer.

Google has responded quickly with a patch, urging all users to update their browsers immediately to the latest version to protect against potential attacks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

CVE-2024-4761: Details of the Vulnerability

This vulnerability stems from an out-of-bounds write in V8, the JavaScript engine used by Google Chrome.

Such a flaw can be exploited by attackers to execute arbitrary code remotely on a victim’s machine, potentially leading to unauthorized access or control over the affected system.

In response to the discovery of the exploit, Google has updated Chrome across various platforms:

  • Mac and Windows: The Stable channel has been updated to versions 124.0.6367.207 and 124.0.6367.208.
  • Linux: The Stable channel has been updated to version 124.0.6367.207.
  • Extended Stable Channel: Both Mac and Windows versions have been updated to 124.0.6367.207.

These updates are rolling out over the coming days and weeks. Users are advised to check their Chrome version and update immediately to the latest release to prevent any potential risk of exploitation.

Google has acknowledged the severity of the vulnerability and is taking steps to ensure that a majority of users receive the update as soon as possible.

Access to detailed bug reports and links will remain restricted until it is confirmed that a significant number of users have implemented the patch.

This measure is to prevent the further spread of the exploit.

Google also expressed gratitude to the security researchers who helped identify and address the vulnerability before it could affect more users.

The tech giant continues to encourage the community to report any new issues and participate in maintaining Chrome’s security integrity through its bug reporting system and community help forums.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Website

Latest articles

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles