Jetzt Ausprobieren

Vulnerability

Google Fixes Four Exploited Zero-Day Vulnerabilities

2 min. read
16/05/2024
By Esben Dochy
chrome vulnerability

 TL;DR | Go Straight to the Google Chrome 124/125 Vulnerability Audit Report

On May 9th, Google released security updates for Chrome 124 for Windows, Linux, and Mac in response to one specific critical security issue, CVE-2024-4671. This vulnerability allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Google Chrome 124/125 Vulnerabilities

Update 3: A fourth zero-day vulnerability, CVE-2024-5274, has been patched on May 23.

Update 2: A third zero-day vulnerability, CVE-2024-4947, has been patched on May 15 along with 8 other security fixes.

Update: Google released another emergency patch on May 13 to fix a second actively exploited zero-day CVE-2024-4761.

The security updates are specifically aimed at fixing critical zero-day vulnerabilities:

Update Vulnerable Chrome Installations

Google has updated the Stable channel to 125.0.6422.112/.113 for Windows and Mac and 125.0.6422.112 for Linux. Google has not yet mentioned anything about the Extended Stable channel.

Most importantly on the official release pages, it lists that Google is aware that exploits exist for these zero-day vulnerabilities.

Remember to Update Microsoft Edge

Since Microsoft Edge is also a Chromium-based browser, we can expect an Edge security update soon to respond to the same vulnerabilities. You can always check what version your instances of Edge are on using our Edge Version Audit Report. This report will give you an overview of all instances of Microsoft Edge in your environment along with their version number.

Discover Vulnerable Chrome Installs

We have added an updated audit report to your Lansweeper installations to help you locate any vulnerable instances of Google Chrome in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.

chrome 124 zero day report example