

Google has issued a patch for a high-severity type confusion vulnerability (CVE-2024-5274) in Chrome's V8 engine, actively exploited in the wild. This marks the fourth zero-day vulnerability addressed in May 2024. Users are urged to update their Chrome browser to the latest version to safeguard against potential threats.

The CVE-2024-5274 vulnerability in the Chrome browser is identified as a type confusion bug located in the V8 JavaScript and WebAssembly engine. Type confusion occurs when a program erroneously attempts to handle data using an incompatible type, leading to a range of possible threats. This specific vulnerability is especially severe as it allows attackers to execute arbitrary code, access memory out-of-bounds, and potentially cause the browser to crash. This flaw is part of a series of zero-day vulnerabilities that Google has been addressing in Chrome, with this particular one being reported by members of Google's Threat Analysis Group and Chrome Security. The existence of an exploit for CVE-2024-5274 in the wild implies that it is actively being used for malicious purposes, highlighting the importance of quickly applying the provided patches to protect against potential threats.

Google has addressed the high-severity flaw by releasing fixes for Chrome. The flaw, assigned the identifier CVE-2024-5274, is a type confusion bug in the V8 JavaScript and WebAssembly engine. Google's Threat Analysis Group and Chrome Security reported the issue on May 20, 2024. To mitigate potential threats, users are recommended to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux. Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are advised to apply the fixes as they become available.
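For administrators checking a fleet against the fixed builds listed above, the following is an added example (not from Google or the original article) that classifies browser version strings. It assumes inventory rows of the form `<product> <a.b.c.d>`; the host names and sample rows are constructed, and the status labels are hypothetical.

```python
import re

# Minimum fixed Chrome builds as stated in the article
# (Windows/macOS received .112/.113, so .112 is the floor).
PATCHED = {
    "windows": (125, 0, 6422, 112),
    "macos": (125, 0, 6422, 112),
    "linux": (125, 0, 6422, 112),
}

# Assumed input format: "<product name> <four-part version> [anything]".
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+(?:\.\d+){3})\b")

def parse_version(text):
    """Return (product, (a, b, c, d)) or None if the string does not match."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return m["product"], tuple(int(p) for p in m["ver"].split("."))

def assess(platform, version_output):
    """Classify one browser install against the CVE-2024-5274 fixed build."""
    parsed = parse_version(version_output)
    if parsed is None:
        return "unparseable"
    product, ver = parsed
    # The article gives no fixed version for other Chromium-based browsers,
    # so those are routed to a manual vendor check instead of being guessed.
    if product != "Google Chrome":
        return "check-vendor"
    floor = PATCHED.get(platform.lower())
    if floor is None:
        return "unknown-platform"
    # Compare as integer tuples: as plain strings, "125.0.6422.76" would
    # sort after "125.0.6422.112" and be wrongly reported as patched.
    return "patched" if ver >= floor else "vulnerable"

# Constructed sample inventory: (host, platform, reported version string).
INVENTORY = [
    ("ws-001", "windows", "Google Chrome 125.0.6422.113"),
    ("ws-002", "windows", "Google Chrome 125.0.6422.76"),
    ("mac-01", "macos", "Google Chrome 124.0.6367.207"),
    ("lnx-01", "linux", "Google Chrome 125.0.6422.112"),
    ("ws-003", "windows", "Microsoft Edge 125.0.2535.67"),
    ("lnx-02", "linux", "Google Chrome"),
]

def audit(rows):
    """Map each host to its status."""
    return {host: assess(platform, out) for host, platform, out in rows}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```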