Google patches second Chrome zero-day in two weeks

 

Google has released an emergency security update for its Chrome browser to address a zero-day vulnerability said to have been exploited in the wild.

Tracked as CVE-2024-4761, the flaw is an out-of-bounds write issue stemming from a boundary error when processing untrusted HTML content in V8. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger an out-of-bounds write, and execute arbitrary code on the target system.

As per its policy, the tech giant didn’t reveal any additional details regarding the nature of the exploitation of this vulnerability, only noting that it “is aware that an exploit for CVE-2024-4761 exists in the wild.”

The company addressed the issue with the release of 124.0.6367.207/.208 for Mac/Windows and 124.0.6367.207 for Linux.

CVE-2024-4761 is the sixth Chrome zero-day flaw fixed by Google since the beginning of 2024. Last week, the company addressed another zero-day issue (CVE-2024-4671) in Chrome allowing remote code execution.

In other news, Apple has rolled out security updates for its mobile and desktop operating systems to address a slew of security flaws, including a memory corruption bug (CVE-2024-23296) in RTKit that the company says “may have been exploited” in the wild. The vulnerability affects older Apple devices such as iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. In March, Apple fixed the flaw on newer iPhone, iPad, and Mac models, and the vendor has now backported the fix to older devices.
