
A Busy Month: 4 Updates
🔴 Update Summary: In May 2024, Google released several critical updates to address multiple zero-day vulnerabilities in the Chrome browser. These vulnerabilities were actively exploited, highlighting the urgency for users to apply updates immediately. This month possibly saw the highest number of version releases/updates since December 2023.
🔍 Key Vulnerabilities Addressed in May 2024:
- CVE-2024-4761: This zero-day vulnerability involved a heap buffer overflow in WebRTC, potentially allowing attackers to execute arbitrary code. Given its critical nature, Google issued an emergency patch.
- CVE-2024-4762: This vulnerability was related to insufficient validation in Mojo, a collection of runtime libraries that facilitate inter-process communication. The flaw could be exploited for remote code execution.
- CVE-2024-4763: Another critical issue in the JavaScript engine, which allowed attackers to bypass security restrictions and gain elevated privileges.
- CVE-2024-4764: This vulnerability involved a buffer overflow in the dynamic memory implementation of WebGL, potentially allowing remote code execution.
- CVE-2024-5274: A type confusion vulnerability in Chrome’s V8 JavaScript engine. This vulnerability allows attackers to execute arbitrary code on affected systems, potentially resulting in data theft, system corruption, and unauthorized access to sensitive information.
Impact and Recommendations: The identified vulnerabilities had significant implications. In summary:
- Remote Code Execution: Attackers could take control of affected systems, execute arbitrary commands, and access sensitive information.
- Privilege Escalation: Exploits could allow attackers to gain higher-level access than intended, leading to broader system compromises.
🛡️ Affected Versions and Products:
The vulnerabilities impacted various versions of Chrome and potentially other Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi.
User Action: Google strongly recommended users update their browsers immediately to protect against these actively exploited vulnerabilities. The updates were part of Google's ongoing commitment to maintaining the security and integrity of its products.
The latest stable versions we are installing, to ensure minimal impact on security commitments, are as follows (as of 29/5/24):
- Chrome Desktop (Windows, Mac, Linux):
  - Ver: 125.0.6422.60 for Linux & 125.0.6422.60/.61 for Windows and Mac
- Chrome Android:
  - Ver: 125.0.6422.53
- Chrome iOS:
  - Ver: 125.0.6422.51
- Chrome OS:
  - Ver: 125.0.6422.64
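To check a fleet against the versions listed above, the following added example (not code from Google or from this page's author) audits an inventory of installed Chrome versions. It assumes the listed versions are the minimum acceptable baseline per platform and uses .60 as the floor for Windows and Mac; the host names and inventory rows are constructed sample data.

```python
# Added example: audit an inventory of Chrome installs against the stable
# versions listed above. Inventory rows are constructed sample data.
import re

# Baselines copied from the list above (as of 29/5/24). Windows and Mac are
# listed as .60/.61; using .60 as the floor is an assumption of this example.
BASELINE = {
    "linux": "125.0.6422.60",
    "windows": "125.0.6422.60",
    "mac": "125.0.6422.60",
    "android": "125.0.6422.53",
    "ios": "125.0.6422.51",
    "chromeos": "125.0.6422.64",
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not MAJOR.MINOR.BUILD.PATCH."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def audit(inventory):
    """Classify each (host, platform, version) row as ok, outdated or unknown."""
    findings = []
    for host, platform, version in inventory:
        floor = BASELINE.get(platform.lower())
        installed = parse_version(version)
        if floor is None or installed is None:
            status = "unknown"      # unlisted platform or unparsable version
        elif installed < parse_version(floor):
            status = "outdated"     # numeric compare, not string compare
        else:
            status = "ok"
        findings.append((host, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-01", "windows", "125.0.6422.61"),
    ("ws-02", "windows", "124.0.6367.91"),
    ("lx-01", "linux", "125.0.6422.9"),     # a string compare would pass this
    ("ph-01", "android", "125.0.6422.53"),
    ("kiosk", "chromeos", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Rows reported as unknown need manual follow-up, since a missing or unparsable version is not evidence that the host is patched.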
More:
- The Hacker News: Google Patches Yet Another Actively Exploited Zero-Day
- Google Chrome browser patches 7th zero-day vulnerability of 2024
- The Hacker News: Chrome Zero-Day Alert - Update Your Browser
- The Hacker News: New Chrome Zero-Day Vulnerability CVE-2024-4761
- Chrome Security Alert: Fourth Zero-Day Exploit Patched This Month
- The Hacker News: Google Detects 4th Chrome Zero-Day in May
- Chrome Releases Blog
These updates highlight the critical need for continuous vigilance and immediate action in cybersecurity to protect users from emerging threats.