Thursday, December 12, 2024

Hackers Exploit Chrome Flaws: U.S. Cyber Agency Urges Immediate Update

Google Chrome users must ensure their browser is updated, as versions prior to 124.0.6367.207 are vulnerable to critical security flaws. Following an emergency security patch, Google has released Chrome version 125, which addresses these issues and includes two additional high-risk fixes.

The Chrome team announced the stable release of version 125, which brings nine security fixes and other improvements. Users are strongly advised not to delay updating.

Two high-risk Chrome vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. CISA has warned federal agencies to resolve these high-risk vulnerabilities in the coming weeks.

One vulnerability, labeled CVE-2024-4761, affects Chrome versions prior to 124.0.6367.207. This “out-of-bounds write” flaw impacts the V8 JavaScript engine, which runs JavaScript code included in webpages. According to the National Vulnerability Database, it “allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.” CISA has set a resolution deadline of June 6, 2024, for federal agencies.

The other vulnerability, labeled CVE-2024-4671, must be fixed by June 3, 2024. It allowed remote attackers “who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.” This flaw also affects multiple Chromium-based browsers.

Typically, CISA requires that high-risk vulnerabilities be resolved within 30 days and critical-risk vulnerabilities within 15 days. “Although BOD 22-01 only applies to Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation,” the agency said.

Last Wednesday, Google announced two additional high-risk vulnerabilities (CVE-2024-4947 and CVE-2024-4948), with at least one exploited in the wild. The type confusion vulnerability in V8 could allow a remote attacker to execute arbitrary code inside a sandboxed environment via a crafted HTML page.

All these vulnerabilities are resolved in the latest Chrome versions, 125.0.6422.60/.61 on Windows and Mac, and 125.0.6422.60 on Linux. Stable versions have also been released on iOS and Android.

To update Chrome, go to Settings and select About Chrome. If the update is available, Chrome will notify you and start downloading it.
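For anyone checking more than one machine, the version thresholds above can be applied to collected version strings. The following is an added example, not part of the original article: the host names and inventory are constructed, the status labels are hypothetical, and the thresholds apply to Google Chrome builds only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Thresholds taken from the article text (Google Chrome builds only).
FIX_CVE_2024_4761 = (124, 0, 6367, 207)  # versions prior to this are affected
FIX_ALL_LISTED = (125, 0, 6422, 60)      # release said to resolve all listed CVEs

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part version out of text such as 'Google Chrome 124.0.6367.201'.

    Returns a tuple of ints, or None when no version is present.
    """
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a reported version string to a status label (labels are hypothetical)."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples of ints compare field by field, so .99 sorts below .207.
    # Comparing the raw strings would get this wrong ('9' > '2').
    if version < FIX_CVE_2024_4761:
        return "exposed-cve-2024-4761"
    if version < FIX_ALL_LISTED:
        return "needs-125.0.6422.60"
    return "patched"


def audit(inventory):
    """Classify every host in a {host: reported version string} mapping."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = {
    "ws-01": "Google Chrome 124.0.6367.99",
    "ws-02": "Google Chrome 124.0.6367.207",
    "ws-03": "Google Chrome 125.0.6422.61",
    "ws-04": "command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host}: {status}")
```
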

Matt Seldon
Matt Seldon, BSc., is an Editorial Associate with HSToday. He has over 20 years of experience in writing, social media, and analytics. Matt has a degree in Computer Studies from the University of South Wales in the UK. His diverse work experience includes positions at the Department for Work and Pensions and various responsibilities for a wide variety of companies in the private sector. He has been writing and editing various blogs and online content for promotional and educational purposes in his job roles since first entering the workplace. Matt has run various social media campaigns over his career on platforms including Google, Microsoft, Facebook and LinkedIn on topics surrounding promotion and education. His educational campaigns have been on topics including charity volunteering in the public sector and personal finance goals.
