Wed | May 15, 2024 | 4:17 AM PDT

Google has been forced to release an emergency security update for its Chrome browser just days after patching a previous Zero-Day vulnerability that was being actively exploited in the wild. This marks the sixth actively exploited Chrome Zero-Day addressed so far in 2024.

The latest high-severity flaw is tracked as CVE-2024-4761 and is an out-of-bounds write in Chrome's V8 JavaScript engine. In the company's update blog, Google confirmed it is "aware that an exploit for CVE-2024-4761 exists in the wild."

Users are urged to apply the new Chrome 124.0.6367.207/.208 update for Windows/Mac and 124.0.6367.207 for Linux as soon as possible to prevent falling victim to active exploitation attempts leveraging this vulnerability.

The discovery of another Chrome Zero-Day being actively exploited so soon after the previous one has cybersecurity experts highly concerned about the escalating threats facing this ubiquitous web browser.

"The frequent discovery of Zero-Day vulnerabilities in Chrome has significant intelligence implications," warned Callie Guenther, Senior Manager at Critical Start. "These vulnerabilities can be exploited by threat actors to conduct cyber espionage, steal data, and launch targeted attacks."

Bugcrowd's Casey Ellis stressed that "an emergency patch without details is basically Google's highest level of alert. An exploit exists for this vulnerability in the wild, and active exploitation will likely commence soon."

Lionel Litty, Chief Security Architect at Menlo Security, pointed out that attackers "continue to focus on browsers in general and Chrome in particular as their most prized target" due to its widespread usage across desktop and mobile.

To mitigate risks, experts recommend Chrome users expedite patching, enable additional defensive controls like browser isolation, and remain vigilant for future Zero-Day disclosures from Google. This stretch of active exploitation targeting Chrome bugs underscores the importance of prompt patching and defense-in-depth protections around browsing activities.
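To make the patching advice checkable across a fleet, here is an added example (not from the article or from Google) that triages a constructed host inventory against the fixed builds quoted above, taking 124.0.6367.207 as the minimum on Windows, Mac and Linux. The host names, inventory format and function names are assumptions for illustration.

```python
import re

# Minimum fixed build per platform, as quoted in the article.
# Windows/Mac shipped as .207/.208, so .207 is the floor on every platform.
FIXED_BUILD = {
    "windows": (124, 0, 6367, 207),
    "mac": (124, 0, 6367, 207),
    "linux": (124, 0, 6367, 207),
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full Chrome version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Compare numerically: as strings, '99' would sort above '207'."""
    fixed = FIXED_BUILD.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # no fixed build on the page, or unparseable data
    return "patched" if version >= fixed else "needs_update"


def triage(inventory):
    """Group host names by patch status."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ws-01", "windows", "124.0.6367.208"),
    ("ws-02", "mac", "124.0.6367.201"),
    ("ws-03", "linux", "124.0.6367.99"),
    ("ws-04", "linux", "124.0.6367.207"),
    ("ws-05", "windows", "125.0.6422.60"),
    ("ws-06", "mac", "124.0.6367"),          # truncated version string
    ("ws-07", "chromeos", "124.0.6367.207"),  # platform not covered above
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" should be investigated rather than assumed safe, since missing or malformed version data often means the inventory agent is stale.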

Follow SecureWorld News for more stories related to cybersecurity.
