Google has fixed a new zero-day flaw in Chrome that hackers are using in their attacks just days after addressing a similar flaw.
As reported by BleepingComputer, these new emergency security updates fix an out-of-bounds write bug (tracked as CVE-2024-4761) in Chrome’s V8 JavaScript engine. These types of flaws typically occur when a program is allowed to write data outside of a specified array or buffer, which can potentially lead to unauthorized access, arbitrary code execution or even crashes.
In a new security advisory, Google explained that it is aware of the fact that an exploit for this zero-day exists in the wild. However, just like with the use-after-free bug the search giant patched only a few days ago, details about the flaw itself are being “restricted until a majority of users are updated with a fix.”
Google has patched this new zero-day with the release of Chrome version 124.0.6367.207/.208 for Mac and Windows, and updates will begin rolling out to all users over the coming days or even weeks.
How to stay safe from zero-day attacks
Unlike with other cyberattacks, there isn’t much you can do to stay safe from attacks that leverage zero-day vulnerabilities besides keeping your browser and other software updated to the latest version.
In Chrome, Google uses a color-coded warning system to inform you that a new update is available for its browser. If you look at your profile picture, a bubble will appear next to it when there’s an update. It will be green for a 2-day-old update, orange for a 4-day-old update and red when an update was released at least a week ago.
For those who don’t want to wait for this bubble to appear, you can also manually check to see if an update for Chrome is available by clicking on the three-dot menu in the upper right-hand corner of your browser. From there, you need to open Settings and then go to About Chrome. If an update is ready to be installed, Chrome will automatically begin downloading it, and it will be applied the next time you restart your browser.
In addition to keeping Chrome up to date, you should also consider using the best antivirus software on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. Combining regular software updates with antivirus software will protect you and your devices from the latest threats.
So far this year, this is the sixth zero-day flaw in Chrome that Google has discovered and subsequently patched. These kinds of stories may seem scary at first, but by finding and fixing these flaws, the search giant is ensuring that users won’t be attacked by hackers when using its browser.
More from Tom's Guide
- This Android malware is stealing passwords by impersonating popular apps
- 3 Google Chrome features to activate now if you want to stay safe online
- Massive Dell data breach hits 49 million users — what you need to know
