Critical Chrome update: hackers are exploiting a dangerous zero-day


Google has issued an emergency Chrome update and warned that hackers are already exploiting a dangerous zero-day vulnerability. Attackers can craft malicious websites that compromise users who simply visit them.

A very serious security flaw exists in Google Chrome’s JavaScript engine, called V8. The vulnerability enables “out of bounds read and write,” which means malicious code can peek at and edit memory it isn’t supposed to access. Hackers could inject malicious code directly into memory, leading to data theft and system compromise.

And users wouldn’t need to download or run anything – the malicious code would run as soon as they visited the website, bypassing any security warnings.

“Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” the vulnerability description reads.

The zero-day vulnerability is marked as high (8.8 out of 10) severity.

However, Google warns that hackers have already been abusing it in the wild, and that exploits are available.

To bolster your security, make sure you’re using Google Chrome version 137.0.7151.68 or later. Updates are available for Chrome on Windows and Mac, and the Linux versions’ patch rolls out over the coming days and weeks.

Users on other Chromium-based browsers should also be concerned, because they all use the same V8 JavaScript engine. It’s likely that other vendors will be rolling out their updates soon.
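For administrators checking many machines, the following added example (not part of the original article) classifies collected `--version` output against the fixed build 137.0.7151.68. The hostnames and version strings in the inventory are constructed, and the "Google Chrome" product prefix is an assumption about how the version line is printed.

```python
import re

# Fixed Google Chrome build stated in the article.
FIXED = (137, 0, 7151, 68)

# Four-part version preceded by a product name, e.g. "Google Chrome 137.0.7151.55".
_VERSION_RE = re.compile(r"^(?P<product>.*?)\s*(?P<ver>\d+\.\d+\.\d+\.\d+)\b")


def parse_version_line(line):
    """Return (product, version_tuple), or None if no four-part version is found."""
    m = _VERSION_RE.match(line.strip())
    if not m:
        return None
    return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))


def classify(line):
    """Classify one collected version line against the fixed Chrome build."""
    parsed = parse_version_line(line)
    if parsed is None:
        return "unparsed"
    product, version = parsed
    if product != "Google Chrome":
        # Other Chromium-based browsers: the article gives no fixed version for them.
        return "check-vendor"
    # Tuples compare numerically, so 7151.9 sorts before 7151.68 (strings would not).
    return "patched" if version >= FIXED else "vulnerable"


# Constructed inventory: hostname -> collected version output.
SAMPLE_INVENTORY = {
    "ws-001": "Google Chrome 137.0.7151.68",
    "ws-002": "Google Chrome 137.0.7151.55",
    "ws-003": "Google Chrome 136.0.7103.113",
    "ws-004": "Google Chrome 138.0.7204.49 beta",
    "ws-005": "Chromium 137.0.7151.55 snap",
    "ws-006": "command not found",
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(out) for host, out in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```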