Google patched another Chrome zero-day vulnerability on Monday, the second one in the span of four days.
In a blog post on Monday, Daniel Yip, technical program manager at Google, disclosed a high-severity out-of-bounds write vulnerability tracked as CVE-2024-4761.
CVE-2024-4761 affects Google Chrome's open source V8 JavaScript engine.
The scope of the exploitation remains unknown, but the vulnerability could pose issues for Chrome users since attackers continue to leverage zero-day vulnerabilities, especially in web browsers, at an increasingly fast pace.
It remains unclear how many users have been updated with a fix.
To address patch management struggles with zero-day and known vulnerabilities, Google increased the security update frequency for the web browser last year.
To address CVE-2024-4761, Mac and Windows users should update to the fixed version 124.0.6367.207/.208, while Google released 124.0.6367.207 for Linux Chrome users.
On Thursday, Google disclosed another high-severity zero-day vulnerability tracked as CVE-2024-4671.
Google provided few details for the use-after-free vulnerability, which affects the Visuals component and could allow an attacker to manipulate memory management.
Again, the vendor credited an anonymous researcher for discovering and reporting the flaw on May 7.
Google released fixes for CVE-2024-4671 in version 124.0.6367.201/.202 for Mac and Windows systems, and 124.0.6367.201 for Linux users.
Google hasn't attributed the zero-day attacks to specific threat actors or groups.
Earlier this year, Google's Threat Analysis Group and Mandiant published a joint report of zero-day vulnerability exploitation trends in 2023.
The report found that commercial spyware vendors were responsible for 75% of known zero-day exploits targeting Google products and Android devices last year.
Google did not respond to a request for comment at press time.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.
This Cyber News was published on www.techtarget.com. Publication date: Tue, 14 May 2024 18:13:05 +0000