Google Chrome customers warned of ‘excessive risk’ and urged to ‘replace’ browser now
Google Chrome users are being urged to update their browser immediately after a “high” level bug was discovered in its code. The tech giant’s researchers have identified a serious security threat, known as CVE-2024-5274, which is a type confusion bug in the V8 JavaScript and WebAssembly engine.
The Google Threat Analysis team and Chrome Security flagged the issue on May 20, with the flaw causing an “out-of-bounds memory access” problem in Chrome’s V8 JavaScript engine that was already being exploited before Google could patch it.
Tech experts are now advising Google Chrome users to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to fend off potential threats.
The vulnerabilities stem from a Type Confusion bug in the V8 JavaScript engine and also impact other Chromium-based browsers, including Microsoft Edge, reports Birmingham Live. If these vulnerabilities are successfully exploited, an attacker could execute code remotely via a maliciously crafted HTML page, causing widespread system damage and even a loss of personal data.
Google confirmed: “The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
“Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
“Google is aware that an exploit for CVE-2024-5274 exists in the wild.”
It also urged Chrome users to promptly update their browsers due to this week’s threat: “We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.”