Plataforma
- Plataforma
- Plataforma
  Toda la inteligencia sobre activos tecnológicos en un solo lugar.
- Descubrimiento de activos
  Descubrimiento en profundidad en todo el patrimonio tecnológico.
- Gestión de activos
  Todos los datos de activos unificados en un solo lugar.
- Análisis de activos
  Empodera tu toma de decisiones con datos confiables.
PRUEBA AHORA
¿Por qué Lansweeper?
Integraciones
Socios
- Socios
- Socios
  Aproveche el poder de nuestros datos para acelerar el crecimiento.
- MSP
  Supere las expectativas de los clientes con servicios gestionados basados en datos.
- Socios tecnológicos
  Integre o incorpore nuestra tecnología para desarrollar soluciones más inteligentes.
- Socios de canal
  Ya sea que ofrezca servicios, distribuya, asesore o revenda, tenemos programas de socios para ayudarle a crecer.
PRUEBA AHORA
Precios

PRUEBA AHORA

Vulnerability

Google Fixes Four Exploited Zero-Day Vulnerabilities

2 min. read

16/05/2024

By Esben Dochy

Contents

Google Chrome 124/125 Vulnerabilities
Update Vulnerable Chrome Installations

Remember to Update Microsoft Edge
Discover Vulnerable Chrome Installs

⚡ TL;DR | Go Straight to the Google Chrome 124/125 Vulnerability Audit Report

On May 9th, Google released security updates for Chrome 124 for Windows, Linux, and Mac in response to one specific critical security issue, CVE-2024-4671. This vulnerability allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Google Chrome 124/125 Vulnerabilities

Update 3: A fourth zero-day vulnerability, CVE-2024-5274, has been patched on May 23.

Update 2: A third zero-day vulnerability, CVE-2024-4947, has been patched on May 15 along with 8 other security fixes.

Update: Google released another emergency patch on May 13 to fix a second actively exploited zero-day CVE-2024-4761.

The security updates are specifically aimed at fixing critical zero-day vulnerabilities:

CVE-2024-4671: Use after free in Visuals
CVE-2024-4761: Out of bounds write in V8
CVE-2024-4947: Type Confusion in V8
CVE-20 24-5274: Type Confusion in V8

Update Vulnerable Chrome Installations

Google has updated the Stable channel to 125.0.6422.112/.113 for Windows and Mac and 125.0.6422.112 for Linux. Google has not yet mentioned anything about the Extended Stable channel.

Most importantly on the official release pages, it lists that Google is aware that exploits exist for these zero-day vulnerabilities.

Remember to Update Microsoft Edge

Since Microsoft Edge is also a Chromium-based browser, we can expect an Edge security update soon to respond to the same vulnerabilities. You can always check what version your instances of Edge are on using our Edge Version Audit Report. This report will give you an overview of all instances of Microsoft Edge in your environment along with their version number.

Discover Vulnerable Chrome Installs

We have added an updated audit report to your Lansweeper installations to help you locate any vulnerable instances of Google Chrome in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.

chrome 124 zero day report example

Run the Google Chrome 124/125 Vulnerability Audit