TLDR:
- Hackers have exploited critical security flaws in Google Chrome versions prior to 124.0.6367.207.
- Google has released version 125 to address these vulnerabilities and other high-risk fixes.

Google Chrome users must ensure their browser is updated to version 125 as soon as possible to protect against these security vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk Chrome vulnerabilities to its Known Exploited Vulnerabilities Catalog and has urged federal agencies to update their browsers promptly. The vulnerabilities, labeled CVE-2024-4761 and CVE-2024-4671, could allow remote attackers to perform out-of-bounds memory writes and potentially escape the sandbox. CISA has set resolution deadlines for these vulnerabilities, emphasizing the importance of timely remediation to reduce exposure to cyberattacks.
Google announced two additional high-risk vulnerabilities, CVE-2024-4947 and CVE-2024-4948, at least one of which is being actively exploited. These vulnerabilities could allow remote attackers to execute arbitrary code in a sandboxed environment via crafted HTML pages. The latest Chrome versions, 125.0.6422.60/.61 on Windows and Mac, and 125.0.6422.60 on Linux, address these vulnerabilities. Users can update Chrome by going to Settings and selecting About Chrome.
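For administrators checking many machines rather than one browser, the following Python script is an added example (not code from Google, CISA, or this article) that triages an inventory of Chrome version strings against the builds named above. The hostnames and inventory are constructed, and pairing each CVE group with a specific threshold build is an assumption made for the example.

```python
import re

# Thresholds taken from the article. Pairing each CVE group with a threshold
# is an assumption made for this example, not a statement from Google or CISA.
THRESHOLDS = [
    ((124, 0, 6367, 207), "CVE-2024-4761, CVE-2024-4671"),
    ((125, 0, 6422, 60), "CVE-2024-4947, CVE-2024-4948"),
]
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome version."""
    m = VERSION_RE.fullmatch(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def missing_fixes(version_text):
    """List the CVE groups whose fixed build is newer than version_text."""
    v = parse_version(version_text)
    if v is None:
        return ["unparseable version, inspect manually"]
    # Tuples compare numerically field by field; comparing the raw strings
    # would wrongly rank "124.0.6367.99" above "124.0.6367.207".
    return [cves for fixed, cves in THRESHOLDS if v < fixed]


def triage(inventory):
    """Map host -> missing fixes, for hosts that still need an update."""
    report = {}
    for host, version_text in inventory:
        gaps = missing_fixes(version_text)
        if gaps:
            report[host] = gaps
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "124.0.6367.99"),
    ("ws-002", "124.0.6367.207"),
    ("ws-003", "125.0.6422.60"),
    ("ws-004", "125.0.6422.61"),
    ("ws-005", "Chrome 125"),
]

if __name__ == "__main__":
    for host, gaps in triage(SAMPLE).items():
        print(f"{host}: {'; '.join(gaps)}")
```

Hosts that report an unparseable version are kept in the report on purpose, so a machine with a broken inventory agent is not silently treated as patched.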
This urgent update reinforces the importance of cybersecurity hygiene and of patching vulnerabilities promptly to protect against potential cyber threats. Failure to update Chrome to the latest version could leave users vulnerable to exploitation by malicious actors.