Google Patches Second Chrome Zero-Day in One Week

Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.


Google has announced patches for another Chrome vulnerability that has been exploited in attacks. This is the second zero-day addressed by the company in one week and the third flaw leveraged in malicious attacks in 2024.

The new zero-day, tracked as CVE-2024-4761, has been described as a high-severity out-of-bounds write issue in the V8 JavaScript and WebAssembly engine. The vulnerability was reported on May 9 by an anonymous researcher.

Google says it’s aware that an exploit exists in the wild, but has not shared any information on the attacks. 

Someone claims to have already developed a proof-of-concept (PoC) exploit for CVE-2024-4761, but it’s unclear if it works. 

CVE-2024-4761 was patched just days after Google announced a Chrome update to fix CVE-2024-4671, a high-severity use-after-free bug in the Visuals component that has also been exploited in the wild.

CVE-2024-4671 was also reported recently by an anonymous researcher, but it’s unclear if the two zero-days are connected. 

Google and Mandiant said in a recent report that they monitored 97 vulnerabilities exploited in the wild in 2023, a 50% increase compared to the previous year. 

Eight of the zero-days targeted Chrome. The companies said spyware vendors were behind 75% of known zero-day exploits targeting Google and Android devices in 2023.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
