Attention, Chrome users: It’s time to update your browser. Google dropped an update on Wednesday for Chrome on Windows, Mac, and Linux, and while that “Update” button in the corner of your browser window can be all too easy to ignore, you really shouldn’t.
Chrome 125 includes patches for nine security vulnerabilities. While all security flaws are important to fix as soon as possible, one of the vulnerabilities in particular is of the most concern: This flaw is tracked as CVE-2024-4947, a “Type Confusion in V8,” which occurs when a piece of code doesn’t verify the object it’s being passed to. In other words, the wrong functions end up attached to the wrong code, which bad actors can take advantage of to potentially run their own code on your device.
While that type of flaw is bad enough, it wouldn’t necessarily be singled out like this on its own. What makes CVE-2024-4947 so nasty is that it’s a zero-day, a flaw that has an active exploit out in the wild. That means bad actors somewhere not only know about the vulnerability, they’ve used it to hack into something. Tech companies like Google rarely give us more information than this related to zero-days, but when you see a flaw identified as such, it should send off warning signs in your head to update your stuff as soon as possible.
To make matters worse, this is the third zero-day vulnerability affecting Chrome that Google has identified this month. On May 9, Google released an update for the desktop Chrome app to patch CVE-2024-4671, a use-after-free vulnerability where a program does not clear a pointer to memory after using it. Then, on May 13, Google released a subsequent update patching CVE-2024-4761, an out of bounds write vulnerability that could allow bad actors to access data they should not be able to.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added all three flaws to their Known Exploited Vulnerabilities catalog. Federal agencies have until June 10 to update their Chrome browsers, which is quite a generous amount of time. If I were you, I’d update right now.
How to update Google Chrome
To update Google Chrome, click the “Update” button if preset. If not, click the three dots in the top right of the window, then go to Help > About Google Chrome. Let Chrome check for updates, then, when the update is preset, follow the on-screen instructions to download and install it.
