Alert!

Chrome: Another zero-day vulnerability closed with update

Google is updating the Chrome web browser for the third time in a week. Once again, an exploit for a zero-day vulnerability is circulating.

Stylized graphic: burning Google Chrome logo on a laptop

Security gaps in Google Chrome put users at risk.

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Google is releasing another emergency security update for the Chrome web browser, because an exploit for a new zero-day vulnerability in the browser is circulating in the wild. With this release, Google also moves Chrome to the 125 development branch.

In the version announcement, Google's developers write that the new version closes a total of nine security vulnerabilities. They provide brief information on only four of them; five were found internally. Two were classified as high risk, one as medium and one as low.

One type-confusion vulnerability affects the JavaScript engine V8. In a type confusion, the data types actually processed do not match those the program code expects, which can lead to memory accesses outside the intended bounds and, in some cases, to the execution of injected code. In this case, attackers can abuse the vulnerability, for example with a maliciously manipulated website, to execute arbitrary code within a sandbox (CVE-2024-4947, no CVSS value, risk "high" according to Google). Google is aware of exploits for this vulnerability that are circulating in the wild.

The new versions also close a use-after-free vulnerability in the Dawn browser component (CVE-2024-4948, high) and one in the V8 JavaScript engine (CVE-2024-4949, medium) as well as an inappropriate implementation in downloads (CVE-2024-4950, low).

The patched browser versions are now Chrome 125.0.6422.53 for Android, 125.0.6422.60 for Linux and 125.0.6422.60/.61 for macOS and Windows. The extended stable version has also been updated to 124.0.6367.221 for macOS and Windows. Anyone using Google Chrome should ensure that the latest version is installed and active.
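For administrators who track browser versions across many machines, the fixed builds listed above can be checked programmatically. The following is an added example and not part of the original article: the host names, inventory format and function names are assumptions, while the minimum versions are the ones named in the article.

```python
import re

# Fixed builds as listed in the article. For macOS/Windows stable (.60/.61)
# the lower build is used as the minimum.
FIXED = {
    ("android", "stable"): "125.0.6422.53",
    ("linux", "stable"): "125.0.6422.60",
    ("macos", "stable"): "125.0.6422.60",
    ("windows", "stable"): "125.0.6422.60",
    ("macos", "extended"): "124.0.6367.221",
    ("windows", "extended"): "124.0.6367.221",
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version from text such as 'Google Chrome 125.0.6422.60'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version in {text!r}")
    return tuple(int(part) for part in m.groups())

def status(platform, channel, raw_version):
    """Return 'patched', 'outdated' or 'unknown' for one installation."""
    minimum = FIXED.get((platform.lower(), channel.lower()))
    if minimum is None:
        return "unknown"  # combination not covered by the article's list
    try:
        installed = parse_version(raw_version)
    except ValueError:
        return "unknown"  # unparseable version string: needs manual review
    # Tuples compare numerically per component, so build 9 sorts below build 60.
    return "patched" if installed >= parse_version(minimum) else "outdated"

# Constructed sample inventory: (host, platform, channel, reported version).
INVENTORY = [
    ("ws-01", "windows", "stable", "Google Chrome 125.0.6422.61"),
    ("ws-02", "windows", "extended", "124.0.6367.207"),
    ("lx-01", "linux", "stable", "Google Chrome 124.0.6367.207"),
    ("mob-01", "android", "stable", "125.0.6422.53"),
]

def audit(inventory):
    """Map each host to its patch status."""
    return {host: status(p, c, v) for host, p, c, v in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "unknown" are not necessarily safe; they fall outside the platform and channel combinations the article lists and need a manual check.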

The Google Chrome version dialog shows the current software version and starts the update process if necessary. Users can get there by clicking on the web browser's settings menu, which is located behind the icon with the three stacked dots to the right of the address bar, and continuing via "Help" – "About Google Chrome".

The version dialog of Google Chrome shows the currently running software version. If available, it also starts the update process.

(Image: screenshot / dmk)

If you use Chrome on Linux, you usually need to start the distribution's software management tool to search for updates. As the flaws affect the Chromium web browser, on which other browsers such as Microsoft's Edge are also based, updates for these derived web browsers should also be available shortly. Users should install them immediately.

There is currently an unusual accumulation of exploits in circulation that can be used to attack previously unknown vulnerabilities in Chrome, so-called zero-day vulnerabilities. Google had already released emergency updates on Friday last week and Tuesday this week that plugged such vulnerabilities.

(dmk)