CISA Warns: Actively Exploited Chrome Zero-Day Joins ‘Must-Patch’ List

The Cybersecurity and Infrastructure Security Agency (CISA) has added another critical vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting the urgent need for Google Chrome users to update their browsers. The flaw, designated as CVE-2024-5274, was recently patched by Google after being exploited in the wild. This marks the eighth zero-day vulnerability found in Chrome this year alone, underscoring the escalating threat landscape faced by internet users.

High-Severity Type Confusion Bug Opens Door for Attackers

The vulnerability resides within V8, the Chromium JavaScript engine that Chrome uses to run scripts. It stems from a type confusion error, a class of bug that can allow attackers to execute arbitrary code on a victim’s machine. While Google has acknowledged the existence of active attacks exploiting CVE-2024-5274, details remain scarce as the company prioritizes widespread patch adoption.

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024. Google disclosed the issue in a security advisory published last week, stating, “We are aware of reports that an exploit for CVE-2024-5274 exists in the wild.”

The Urgency of Updating: A Race Against Time

With federal agencies given a deadline of June 18th to address the vulnerability, the message is clear: update your Chrome browser now. Users on Windows and Mac should be running version 125.0.6422.112/.113, while Linux users will receive their update in the coming weeks. Delaying this crucial update could leave your system exposed to malicious actors seeking to exploit the flaw.
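
For teams tracking the deadline across many machines, the following added example (not from CISA or Google) sorts a browser inventory against the fixed build named above. The host names and inventory records are constructed, and Linux hosts are reported as unknown because the article gives no fixed Linux build. Versions are compared numerically, since a plain string comparison would rank build .76 above .112.

```python
# Added example: triage a browser inventory against the fixed Chrome build
# named in the article. Inventory records below are constructed.
import re

# Minimum fixed build for Windows and Mac, as stated in the article.
# Linux is left out on purpose: the article gives no fixed Linux build.
FIXED = {"windows": (125, 0, 6422, 112), "mac": (125, 0, 6422, 112)}

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host record."""
    version = parse_version(version_text)
    minimum = FIXED.get(platform.lower())
    if version is None or minimum is None:
        return "unknown"  # needs manual follow-up
    # Tuple comparison is numeric per component, so .76 < .112.
    return "patched" if version >= minimum else "vulnerable"


def triage(inventory):
    """Group host names by status."""
    buckets = {"patched": [], "vulnerable": [], "unknown": []}
    for host, platform, version_text in inventory:
        buckets[classify(platform, version_text)].append(host)
    return buckets


# Constructed sample inventory: (host, platform, reported Chrome version)
INVENTORY = [
    ("ws-001", "windows", "125.0.6422.113"),
    ("ws-002", "windows", "125.0.6422.76"),
    ("mb-001", "mac", "125.0.6422.112"),
    ("mb-002", "mac", "124.0.6367.207"),
    ("lx-001", "linux", "125.0.6422.112"),
    ("ws-003", "windows", "125.0.6422"),  # truncated version string
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:10} {', '.join(hosts)}")
```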