Google has released quite a few security updates for its Chrome web browser in recent months. Besides the weekly scheduled security updates, Google has released updates to address 0-day vulnerabilities in Chrome.
Today, Google released another security update for Google Chrome to address a 0-day exploit. The issue affects all desktop versions of Chrome and Chrome for Android.
Chrome users may want to install the update immediately to fix the issue. Here is how that is done on desktop systems (there is no option to speed up the installation of Chrome updates on Android):
- Load chrome://settings/help in the Chrome address bar.
- Chrome displays the current version and runs a check for updates.
Updates will get installed automatically at this point, but you need to restart the browser manually to complete the update.
Chrome should return the following version after installation of the update:
- Chrome for Windows and Mac: 125.0.6422.112 or 125.0.6422.113
- Chrome Extended Stable for Windows or Mac: 124.0.6367.233
- Chrome for Linux: 125.0.6422.112
- Chrome for Android: 125.0.6422.112 or 125.0.6422.113
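For anyone checking more than one machine, the version list above can be turned into a small script. This is an added example, not code from Google or from the original article; the function names and the sample inventory are constructed for illustration, and it assumes that any major version newer than 125 already contains the fix.

```python
import re

# Fixed builds per platform, copied from the version list above.
# Windows and Mac carry two entries: Stable (125) and Extended Stable (124).
FIXED_BUILDS = {
    "windows": [(125, 0, 6422, 112), (124, 0, 6367, 233)],
    "mac": [(125, 0, 6422, 112), (124, 0, 6367, 233)],
    "linux": [(125, 0, 6422, 112)],
    "android": [(125, 0, 6422, 112)],
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the four-part version in e.g. 'Google Chrome 125.0.6422.112' as ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(platform, version_text):
    """True if the reported version is at or above the fixed build for its branch."""
    version = parse_version(version_text)
    fixed = FIXED_BUILDS[platform]
    # Assumption: a major version newer than any listed here already has the fix.
    if version[0] > max(build[0] for build in fixed):
        return True
    # Compare only against the fixed build on the same release branch, so a
    # 124.x build is judged by the Extended Stable entry where one is listed.
    for build in fixed:
        if build[0] == version[0]:
            return version >= build
    return False  # older branch with no fixed build listed for this platform


def outdated_hosts(inventory):
    """Return the host names whose reported Chrome version still needs the update."""
    return [host for host, platform, text in inventory if not is_patched(platform, text)]


# Constructed inventory: (host, platform, version string as the browser reports it).
SAMPLE_INVENTORY = [
    ("desk-01", "windows", "Google Chrome 125.0.6422.113"),
    ("desk-02", "windows", "Google Chrome 124.0.6367.207"),
    ("desk-03", "mac", "Google Chrome 124.0.6367.233"),
    ("build-01", "linux", "Google Chrome 124.0.6367.233"),
    ("phone-01", "android", "125.0.6422.60"),
]
```

Note that `build-01` is reported as outdated even though its version matches the Extended Stable build, because the list above names no Extended Stable release for Linux.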
About the Chrome security vulnerability
The official release notes page lists only basic information about the vulnerability. It is CVE-2024-5274, a type confusion issue in V8. Google has rated the severity of the vulnerability as high and notes that it is exploited in the wild.
V8 is the JavaScript and WebAssembly engine that Google Chrome uses.
In other words, systems with an outdated version of Chrome may be successfully attacked. It is unclear how the issue can be exploited, however.
The last update that fixed a 0-day vulnerability in Google Chrome was released just 2 weeks ago. It is the 8th 0-day exploit fix in Chrome this year alone.