Merely three days after addressing a zero-day vulnerability in the browser, Google Chrome has released an emergency update to fix yet another zero-day exploit.
The vulnerability is tracked as CVE-2024-4761 and is the sixth zero-day to be addressed by Google in 2024.
Though the Google Chrome team has not divulged many details, CVE-2024-4761 is rated as High impact.
“Google is aware that an exploit for CVE-2024-4761 exists in the wild,” adds the blog post.
What’s the Damage
According to the blog post, the issue affects V8, the JavaScript engine in Chrome that executes JavaScript code.
Since it is an out-of-bounds write issue, threat actors could use the exploit to run arbitrary code or cause program crashes, leading to data loss and corruption.
This emergency update has pushed the Google Chrome versions for Mac and PC to 124.0.6367.207/.208. According to Google, this version of the popular web browser will be available in the coming days/weeks.
The Chrome release blog post mentions that version 124.0.6367.207 for Linux is also being rolled out gradually.
The devices using the Extended Stable channel will receive the update through version 124.0.6367.207 for Mac and Windows. This version is expected to roll out in the coming days/weeks.
Since it is an emergency update, Google Chrome will update itself on Mac and Windows.
However, users can go to Settings > About Chrome to fast-track updates. The new version will be active after the relaunch.
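For anyone tracking the rollout across many machines, the fixed build number above can be checked against a software inventory. The following is an added example, not code from Google or the Chrome team; the inventory rows, host names, and function names are constructed for illustration, and only the 124.0.6367.207 build number comes from the article. Versions are compared as integer tuples because a plain string comparison would rank 124.0.6367.99 above 124.0.6367.207.

```python
import re

# Fixed build per platform, as given in the article (124.0.6367.207 for all three).
FIXED_BUILDS = {
    "mac": (124, 0, 6367, 207),
    "windows": (124, 0, 6367, 207),
    "linux": (124, 0, 6367, 207),
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")  # Chrome uses four dotted integers


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a full Chrome version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version_text):
    """Return 'patched', 'needs_update', or 'unknown' for one install."""
    fixed = FIXED_BUILDS.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognised platform or malformed version: review by hand
    return "patched" if version >= fixed else "needs_update"


def audit(inventory):
    """Group host names by status. inventory: iterable of (host, platform, version)."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("mac-01", "mac", "124.0.6367.208"),
    ("win-07", "windows", "124.0.6367.99"),   # numerically older than .207
    ("lin-03", "linux", "124.0.6367.207"),
    ("win-12", "windows", "123.0.0.0"),
    ("kiosk-2", "windows", "124.0.6367"),     # truncated version string
    ("mac-09", "mac", "125.0.0.0"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```
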
More broadly, CVE-2024-4761 marks a dangerous trend that Chrome security has witnessed this year.
Not the First Time
There have been five zero-day exploits already this year, two of which affected the V8 JavaScript engine.
In addition, these zero-day attacks targeted the WebAssembly standard, WebCodecs API, and the Visual component.
Given the potential of the threat, Google Chrome has not revealed many details about the CVE-2024-4761 exploit.
The team will retain these restrictions until most users have installed the emergency update.
It will also be looking for the presence of the bug in a third-party library.