Alert!

Update now! Zero-day vulnerability in Google Chrome again, exploit available

Google is once again releasing an emergency update for the Chrome web browser. There is already an exploit for the zero-day vulnerability.

Stylized graphic: burning Google Chrome logo on a laptop

Security gaps in Google Chrome put users at risk.

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Just last Friday, Google released an emergency update for the Chrome web browser because an exploit for a previously unknown vulnerability was circulating. The same thing happened again on Tuesday night: Google has released an emergency update to close a vulnerability in Chrome for which an exploit was discovered in the wild.

In the release announcement, Google's developers write that the vulnerability allows attackers to provoke potential write accesses outside the intended memory limits in the JavaScript engine V8 (CVE-2024-4761, no CVSS value yet, risk "high" according to Google). Google does not provide any further details, but merely states: "Google is aware that an exploit for CVE-2024-4761 exists in the wild".

Although Google does not provide any more detailed information, such vulnerabilities can often be misused to inject and execute malicious code. To do this, it is usually sufficient to display a carefully prepared website. Due to the urgency that Google obviously sees, it can be deduced that this is the case here.

The vulnerability is now closed by Chrome versions 24.0.6367.179 for Android, 124.0.6367.207 for Linux (also the new version for the extended stable releases) and 124.0.6367.207/.208 for macOS and Windows.

The version dialog reveals whether the web browser is already up to date. This opens after clicking on the settings menu, which is located behind the icon with the three stacked dots to the right of the browser's address bar, and continuing via "Help" - "About Google Chrome".

The Google Chrome version dialog shows the currently active software version. If available, it also starts the update and prompts you to restart.

(Image: Screenshot / dmk)

If the update is still missing, opening the version dialog starts the update process. On Linux, users usually have to start the software management of the distribution used and check for updates. On mobile devices, it is possible to search for updates in the respective app store. As the vulnerability was found in the Chromium browser, other web browsers based on it, such as Microsoft's Edge, are also affected. If updates are available, users should install them quickly.
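For administrators who need to check many machines rather than one version dialog, the following added example (not part of the original article or any Google tooling) compares reported desktop Chrome version strings against the fixed builds named above. The inventory rows, host names and the helper names `parse_version`, `is_patched` and `audit` are assumptions made for illustration.

```python
import re

# Fixed desktop builds as stated in the article for CVE-2024-4761.
# macOS/Windows received .207/.208, so .207 is the minimum there too.
FIXED = {
    "linux": (124, 0, 6367, 207),
    "macos": (124, 0, 6367, 207),
    "windows": (124, 0, 6367, 207),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_patched(platform, version_text):
    """True if at or above the fixed build, False if older, None if unknown."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return None
    # Compare numerically: as strings, "60" would sort after "207".
    return version >= fixed

def audit(rows):
    """rows: (host, platform, version_text). Returns hosts that need action."""
    findings = []
    for host, platform, text in rows:
        status = is_patched(platform, text)
        if status is not True:
            findings.append((host, "outdated" if status is False else "unknown"))
    return findings

# Constructed sample inventory (hosts and reported strings are made up).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 124.0.6367.208"),
    ("ws-02", "windows", "Google Chrome 124.0.6367.201"),
    ("lx-01", "linux", "Google Chrome 124.0.6367.60"),
    ("mac-01", "macos", "Google Chrome 125.0.6422.41"),
    ("lx-02", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE):
        print(f"{host}: {state}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than assumed safe.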

Last Friday, Google had already closed a zero-day vulnerability in Chrome. It affected the Visuals component of the browser and reached a risk rating of "high".

(dmk)