In the last few days, Google has released a new emergency security update to patch another actively exploited zero-day bug in its Chrome Web Browser. This bug can be tracked under: CVE-2024-5274.
This release makes the 3rd emergency zero-day release this month.
These releases (for May 2024) are:
CVE-2024-4671: a use-after-free issue that resides in the Visuals component (May 2024).
CVE-2024-4761: an out-of-bounds write issue that resides in the V8 JavaScript engine (May 2024).
CVE-2024-4947: a type confusion that resides in V8 JavaScript engine (May 2024).
Google Chrome for home users should be set to a default of auto-download and install updates, so home users should have these updates installed promptly with no user-needed interaction.
However, for Corporate / Enterprise and/or small businesses supported by a MSP, these updates may not be rolled out quickly.
SecureSphere strongly recommends that these updates are rolled out to Corporate / Enterprise environment and/or small businesses environments ASAP.
Latest Chrome version as at May 27th, 2024 is: 125.0.6422.113 (Official Build – 64-bit).