Google has released patches for a high severity vulnerability in its popular Chrome web browser residing within the V8 JavaScript engine and allow attackers to execute arbitrary code on users’ systems, compromising their security and privacy.
The vulnerability tracked as CVE-2024-12053 with a CVSS score of 8.8 is a Type confusion vulnerability stems when a program incorrectly interprets the type of data it is processing. This can lead to unexpected program behavior and, in this instance, could allow malicious actors to bypass Chrome’s sandbox environment, gaining unauthorized access to the underlying operating system.
The vulnerability was identified by security researchers “gal1ium” and “chluo” on November 14th, 2024. This latest security patch is part of a larger update that addresses four security issues in total.
While Google has not provided specific details about the attacks exploiting this vulnerability, the company typically restricts such information until most users have updated their browsers to mitigate potential risks.
Google promptly addressed the issue, releasing a patch in the latest Stable channel update (version 131.0.6778.108/.109 for Windows and Mac, and 131.0.6778.108 for Linux). This update is being progressively rolled out to users over the coming days and weeks.
