Google has released updates to address an actively exploited vulnerability in the Chrome browser. The vulnerability is tracked as CVE-2024-4761, and Google has given it a high severity rating. It is an out-of-bounds write in the V8 JavaScript engine, the component that executes JavaScript code in the application.
CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA asked users to patch the flaw before June 6, 2024.
This is the sixth Chrome zero-day vulnerability fixed in 2024. The list includes:
- CVE-2024-0519
- CVE-2024-2887
- CVE-2024-2886
- CVE-2024-3159
- CVE-2024-4671
Affected Versions
Google Chrome versions before 124.0.6367.207 are affected by this vulnerability.
Mitigation
Customers are requested to upgrade to the latest stable channel version 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux.
In the coming weeks, Google will release Extended Stable channel version 124.0.6367.207 for Mac and Windows.
For more information, please refer to the Google Chrome Release Page.
Qualys Detection
Qualys customers can scan their devices with QIDs 379800 and 379811 to detect vulnerable assets.
Microsoft has released the Edge Stable Channel (Version 124.0.2478.105) to address CVE-2024-4761, which the Chromium team has reported as being exploited in the wild.
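Where a software inventory export is available, the fixed builds named on this page can be checked directly. The script below is an added example, not Qualys or Google code: the inventory rows are constructed, the browser keys are illustrative, and treating Edge builds below 124.0.2478.105 as unpatched is an assumption based on the release noted above.

```python
# Added example; inventory rows are constructed and browser keys are illustrative.

FIXED = {
    "chrome": (124, 0, 6367, 207),  # first fixed Chrome build per the advisory
    "edge": (124, 0, 2478, 105),    # Edge Stable build that addresses CVE-2024-4761
}

def parse_version(text):
    """Turn '124.0.6367.207' into (124, 0, 6367, 207); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(browser, version):
    """True when the build predates the fixed build for that browser."""
    fixed = FIXED[browser.lower()]
    # Compare numerically: as strings, '124.0.6367.99' sorts after '124.0.6367.207'.
    return parse_version(version) < fixed

def triage(rows):
    """Return (host, browser, version, status) for each inventory row."""
    results = []
    for host, browser, version in rows:
        try:
            status = "VULNERABLE" if is_vulnerable(browser, version) else "patched"
        except (KeyError, ValueError):
            status = "unknown"  # unlisted browser or unparsable version: review by hand
        results.append((host, browser, version, status))
    return results

# Constructed inventory rows (host, browser, version)
SAMPLE = [
    ("ws-01", "chrome", "124.0.6367.99"),
    ("ws-02", "chrome", "124.0.6367.207"),
    ("mac-07", "chrome", "124.0.6367.208"),
    ("ws-03", "edge", "124.0.2478.97"),
    ("ws-04", "edge", "124.0.2478.105"),
    ("lab-9", "chrome", "125.0.6422.60"),
    ("kiosk", "chrome", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:8} {:7} {:16} {}".format(*row))
```

Rows reported as "unknown" need manual review rather than being counted as patched.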
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html