Google has addressed a high-severity security flaw in its Chrome browser that was being actively exploited. The vulnerability, identified as CVE-2024-5274, is related to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by ClĂ©ment Lecigne and Brendon Tiszka from Google’s security teams in May 2024.
Type confusion vulnerabilities occur when a program tries to access a resource with an incompatible type, leading to potential out-of-bounds memory access and arbitrary code execution by threat actors.
This is the fourth zero-day vulnerability patched by Google this month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.
Google has not provided additional technical details about the flaw but has confirmed the existence of an exploit for CVE-2024-5274 in the wild. It remains unclear if this vulnerability is related to CVE-2024-4947.
Users are advised to update to Chrome version 125.0.6422.112/.113 to protect against potential threats. Chromium-based browser users should also apply available fixes.
