Google has announced patches for another Chrome vulnerability that has been exploited in attacks. This is the second zero-day addressed by the company in one week and the third flaw leveraged in malicious attacks in 2024.
The new zero-day, tracked as CVE-2024-4761, has been described as a high-severity out-of-bounds write issue in the V8 JavaScript and WebAssembly engine. The vulnerability was reported on May 9 by an anonymous researcher.
Google says it’s aware that an exploit exists in the wild, but has not shared any information on the attacks.
Someone claims to have already developed a proof-of-concept (PoC) exploit for CVE-2024-4761, but it’s unclear if it works.
CVE-2024-4761 was patched just days after Google announced a Chrome update to fix CVE-2024-4671, a high-severity use-after-free bug in the Visuals component that has also been exploited in the wild.
CVE-2024-4671 was also reported recently by an anonymous researcher, but it’s unclear if the two zero-days are connected.
Google and Mandiant said in a recent report that they monitored 97 vulnerabilities exploited in the wild in 2023, a 50% increase compared to the previous year.
Eight of the zero-days targeted Chrome. The companies said spyware vendors were behind 75% of known zero-day exploits targeting Google and Android devices in 2023.