Update Chrome ASAP (Again)

If you happened to hear my advice on Tuesday to update Chrome ASAP, you might be surprised to see me repeating myself just three days later. However, it’s really time to update Chrome again as Google has discovered yet another zero-day vulnerability affecting its popular browser.

The company announced the update in a post on its Chrome Releases site on Thursday. The new version numbers are 125.0.6422.112/.113 for Windows and Mac and 125.0.6422.112 for Linux. Regardless of which platform you’re using, this update fixes a single security vulnerability tracked as CVE-2024-5274. CVE-2024-5274 is a type confusion bug, a vulnerability in which code does not check the type of the object it is processing. Without that check, the code can end up processing incorrect data, which attackers can take advantage of to run their own code in the process. This, of course, is not good.

The bigger issue, however, is that this is a zero-day vulnerability: Google has confirmed that it knows there is an active exploit for the vulnerability, meaning that someone, somewhere, not only knows the vulnerability exists, but is also actively taking advantage of it.

It’s good that Google has a publicly available patch to protect against this vulnerability, but there’s a worrying trend going on here: CVE-2024-5274 is the fourth zero-day vulnerability Google has patched this month, and the eighth in 2024. Security vulnerabilities are inevitable in software (holes will always be discovered), but it’s critical that developers and the researchers they work with discover flaws before attackers do, especially in large programs like Chrome. When companies like Google discover and fix flaws after they have been discovered and exploited by attackers, it puts all users at risk.

Let’s hope it’s a while before we hear about another zero-day affecting Chrome. In the meantime, it’s best to update your browser as soon as possible. Remember, every time a security update is released in Chrome, it affects all Chromium-based browsers, including Edge, Brave, and Opera.

How to update Chrome to fix this zero day

To update Chrome, click the three dots in the upper right corner of the browser window, then choose Help > About Google Chrome. Allow Chrome to search for a new update, then follow the onscreen instructions to download and install it.
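If you look after more than one machine, the same check can be scripted. The following is an added example, not part of the original article: it compares collected `--version` output against the fixed build named above. The hostnames and sample outputs are constructed, and it assumes you have already gathered each machine's version string.

```python
import re

# Lowest fixed build named in the article (Windows, Mac and Linux).
# This threshold applies to Google Chrome only: other Chromium-based
# browsers use their own build numbers and need their own vendor's value.
FIXED_BUILD = (125, 0, 6422, 112)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract the four-part version from `--version` output, or None."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(version_output):
    """True if at or above the fixed build, False if older, None if unparseable."""
    version = parse_chrome_version(version_output)
    if version is None:
        return None
    # Compare as integer tuples: a string compare would rank ".76" above ".112".
    return version >= FIXED_BUILD


def unpatched_hosts(inventory):
    """Hosts that need attention: older than the fixed build, or unknown version."""
    return [host for host, output in inventory if is_patched(output) is not True]


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE_INVENTORY = [
    ("laptop-01", "Google Chrome 125.0.6422.113"),
    ("laptop-02", "Google Chrome 125.0.6422.76"),
    ("build-03", "Google Chrome 124.0.6367.207 "),
    ("kiosk-04", "Google Chrome 126.0.6478.55"),
    ("desk-05", "version unknown"),
]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome")
```

Machines whose version cannot be parsed are reported alongside the outdated ones, so a failed collection is not mistaken for a patched browser.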
