• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

 | 

Cisco disclosed a CRM data breach via vishing attack

 | 

Exposed Without a Breach: The Cost of Data Blindness

 | 

SonicWall investigates possible zero-day amid Akira ransomware surge

 | 

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

 | 

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

 | 

Northwest Radiologists data breach hits 350,000 in Washington

 | 

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

 | 

Lovense flaws expose emails and allow account takeover

 | 

Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024

 | 

Akira Ransomware targets SonicWall VPNs in likely zero-day attacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 56

 | 

Security Affairs newsletter Round 535 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New Linux backdoor Plague bypasses auth via malicious PAM module

 | 

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

 | 

Malicious AI-generated npm package hits Solana users

 | 

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

 | 

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

 | 

CISA released Thorium platform to support malware and forensic analysis

 | 

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Security
  • Google fixes sixth actively exploited Chrome zero-day this year

Google fixes sixth actively exploited Chrome zero-day this year

Pierluigi Paganini May 14, 2024

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser.

The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.

The company confirmed that the flaw is exploited in attacks in the wild.

“CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09″ reads the advisory. “Google is aware that an exploit for CVE-2024-4761 exists in the wild.”

The company addressed the zero-day flaw with the release of 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux. Google will roll out updates to all users over the coming days/weeks.

The vulnerability CVE-2024-4671 is the sixth zero-day exploited in attacks fixed by the IT giant this year.

As usual, Google did not publish details about the attacks exploiting the vulnerability.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed” continues the advisory.

Below is the list of actively exploited zero-day flaws in the Chrome browser that have been fixed this year:

  • CVE-2024-0519: an out of bounds memory access in the Chrome JavaScript engine. (January 2024)
  • CVE-2024-2887:  a type confusion issue that resides in WebAssembly. Manfred Paul demonstrated the vulnerability during the Pwn2Own 2024. (March 2024)
  • CVE-2024-2886: a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee (@0x10n) of KAIST Hacking Lab during the Pwn2Own 2024. (March 2024)
  • CVE-2024-3159: an out-of-bounds memory access in V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024. (March 2024)
  • CVE-2024-4671: a use-after-free issue that resides in the Visuals component (May 2024). 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Chrome)


facebook linkedin twitter

Chrome Google Hacking hacking news information security news IT Information Security Pierluigi Paganini Security News zero-Day

you might also like

Pierluigi Paganini August 05, 2025
Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty
Read more
Pierluigi Paganini August 05, 2025
Cisco disclosed a CRM data breach via vishing attack
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

    Hacking / August 05, 2025

    Cisco disclosed a CRM data breach via vishing attack

    Data Breach / August 05, 2025

    Exposed Without a Breach: The Cost of Data Blindness

    Security / August 05, 2025

    SonicWall investigates possible zero-day amid Akira ransomware surge

    Security / August 05, 2025

    Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

    Security / August 05, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT