Emergency Fix 0day: Google protected Chrome users from data disclosure


Reaction score
An actively exploited vulnerability allows a hacker to gain control over the victim.

Google released emergency security updates for the Chrome browser to address a zero-day vulnerability that is actively used in attacks.

Vulnerability CVE-2024-4761 is related to the problem of writing data out of bounds in the V8 JavaScript engine, which is responsible for executing JavaScript code in the browser. These problems occur when a program is allowed to write data outside the specified array or buffer, which can lead to unauthorized access to the data, arbitrary code execution, or program crashes. Google also noted that it is aware of the existence of an exploit for CVE-2024-4761.

The company fixed the vulnerability in Chrome versions 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux. Updates will be gradually distributed to all users in the coming days and weeks. For users of the Extended Stable channel, the fixes will be available in version 124.0.6367.207 for Mac and Windows.

Chrome updates automatically when a new security update is available, but users can verify that they are using the latest version by going to Settings > About Chrome Browser, waiting for the update to complete, and then clicking Restart to apply the changes.