Google has released an urgent security update for the Chrome web browser to address several high-severity vulnerabilities that could allow attackers to take control of systems remotely. The Chrome 126.0.6478.114/115 update for Windows and macOS, and 126.0.6478.114 for Linux, patches six security flaws, including one that was demonstrated at the recent TyphoonPWN hacking competition in South Korea.
The most serious flaw, tracked as CVE-2024-6100, is a type confusion vulnerability in the V8 JavaScript engine that could enable remote code execution attacks.
Other patched vulnerabilities include a WebAssembly implementation flaw (CVE-2024-6101), an out-of-bounds memory access issue in Dawn (CVE-2024-6102), and a use-after-free vulnerability in Dawn (CVE-2024-6103). These could also lead to arbitrary code execution by malicious actors.
Google have stated the flaws are being actively exploited in the wild and as such, it is critical that all Chrome users update their browsers immediately to the latest patched version on desktop and mobile platforms.
This latest Chrome incident highlights the importance of keeping software up-to-date and applying security patches as soon as they are released. Cyber criminals actively search for and attempt to exploit vulnerabilities to gain unauthorised access, steal data, and deploy malware like spyware and ransomware.
A serious security flaw has been uncovered in a popular Facebook module for the e-commerce platform PrestaShop, potentially exposing thousands of online shops and their…
Cyber criminals are increasingly exploiting trusted high street brands like Asda to lure unsuspecting victims into phishing scams. Action Fraud, the UK’s national fraud and…
A new phishing-as-a-service platform called ONNX Store has emerged, posing a severe threat to financial institutions by targeting employees’ Microsoft 365 accounts. Developed by a…
