Slew of Google Chrome security holes leaves billions of users impacted

It's always good to make sure you install the latest updates to your computer, smartphone, and other connected devices. These updates may sometimes come with brand new features, but more importantly, they often come with security upgrades and fixes for exploits.

Case in point: The latest update for Google Chrome, Chrome 125, comes with a whopping nine security vulnerability patches.

So, make sure you open your Chrome web browser and install the latest update by clicking the Update button or clicking the three-dot menu on the upper right hand side, going to Help and then About Google Chrome in order to check for updates.

To stress how important this update is, lets break down one of those security vulnerabilities even further: It's the third zero-day vulnerability found in Chrome in just the past month alone.

Zero-day vulnerabilities in Chrome

It has not been a good month for Google Chrome when it comes to security issues.

The popular web browser has more than 2 billion users around the globe, which means at least that many people can potentially be affected by these vulnerabilities.

Zero-day vulnerabilities are the most concerning of all these security threats because it means that there are confirmed exploits being weaponized by bad actors right now to successfully attack victims.

On May 15, Google warned that  "an exploit for CVE-2024-4947 exists in the wild." The flaw, known as a "Type Confusion in V8," allows a remote attacker to exploit an error and execute their own code via an HTML page in order to destabilize the browser or system as a whole.

This zero-day exploit follows two others just this month. On May 9, Google patched CVE-2024-4671, a zero-day exploit that allowed attackers to execute a code where pointers to vacated memory were not deleted, leaving them open to abuse. Then on May 13, Google released an update for CVE-2024-4761, which allowed bad actors to attack a system through malicious HTML pages via a vulnerability affecting Chrome’s V8 Javascript engine.

All three of these vulnerabilities have been added to the U.S. Cybersecurity & Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog. The U.S. has given federal agencies until June 10 to update their Chrome browsers due to these security flaws.

Three zero-day vulnerabilities in a 6 day period is certainly cause for concern, so make sure to update Google Chrome and keep your eyes peeled for any other vulnerabilities and updates to deal with them in the near future.