GET A DEMO

Voyager18 (research)

How to fix the zero-day CVE-2024-5274 in Google Chrome

CVE-2024-5274 is a critical zero-day vulnerability in Chrome. Here's everything you need to know - including how to fix it.

Orani Amroussi | May 29, 2024

Recently, Google identified and patched a fourth zero-day vulnerability in Chrome, known as CVE-2024-5274. This vulnerability has raised significant concerns within the security community due to its potential impact and active exploitation in the wild.

In this blog post, we will explore what CVE-2024-5274 is, how it affects users, and the steps you can take to protect your systems. 

TL;DR

Google recently patched a fourth zero-day vulnerability in Chrome, known as CVE-2024-5274, which allows attackers to execute malicious code. This vulnerability affects Chrome users on Windows, macOS, and Linux. It has been actively exploited, making it crucial for users to update their browsers immediately.

To protect your system, update Chrome by navigating to “Help” > “About Google Chrome” and ensure automatic updates are enabled. Additionally, enable Safe Browsing, regularly restart Chrome, and consider using security extensions. Keeping your browser up-to-date is essential to safeguard against this and other vulnerabilities.

 

What is CVE-2024-5274?

CVE-2024-5274 is a zero-day vulnerability affecting Google Chrome, identified by security researchers and promptly addressed by Google’s security team. This marks the fourth such zero-day discovered in Chrome, after three were discovered earlier this month. 

This particular vulnerability is a type of flaw that allows attackers to execute arbitrary code within the Chrome browser, potentially leading to data breaches, unauthorized access, and other malicious activities. 

The discovery of CVE-2024-5274 highlights a critical security gap in Chrome’s codebase, which attackers can exploit before it is patched. The vulnerability was found in a component of Chrome that handles specific web requests, making it a prime target for attackers looking to compromise user data and browser functionality.

Google has released updates to mitigate this vulnerability, emphasizing the need for users to update their browsers immediately to prevent exploitation. 

 

Does it affect me?

Determining whether CVE-2024-5274 affects you involves understanding the specific conditions under which this vulnerability can be exploited. This zero-day vulnerability primarily impacts users of Google Chrome across various operating systems, including Windows, macOS, and Linux. 

To assess your own system’s exposure to CVE-2024-5274, consider the following criteria: 

  1. Chrome version: The vulnerability affects specific versions of Chrome. Ensure you are using the latest version of the browser, as Google has released patches addressing this issue. 
  2. Operating system: While Chrome is a cross-platform browser, the impact of CVE-2024-5274 spans multiple operating systems. Users on Windows, macOS, and Linux platforms should be particularly vigilant. 
  3. Browser usage: If you use Chrome for sensitive activities, such as online banking, accessing personal information, or business-related tasks, the risk associated with this vulnerability increases. 

How to check your Chrome version: 

  1. Open Google Chrome. 
  2. Click on the three vertical dots in the upper right corner of the browser window. 
  3. Navigate to “Help” and select “About Google Chrome.” 
  4. A new tab will open, displaying the current version of Chrome. If an update is available, Chrome will automatically begin downloading it. 

Regularly updating your browser is essential to mitigating vulnerabilities like CVE-2024-5274. By ensuring your Chrome browser is up-to-date, you can protect yourself from potential exploits targeting this vulnerability. 

 

Has CVE-2024-5274 been actively exploited in the wild?

Yes, CVE-2024-5274 has been actively exploited in the wild. Google’s security team and several cybersecurity researchers have confirmed incidents where attackers have used this vulnerability to execute malicious code. These exploitation attempts highlight the severity of the vulnerability and the urgent need for users to update their browsers. 

Evidence of active exploitation includes reports of targeted attacks where threat actors have leveraged CVE-2024-5274 to gain unauthorized access to systems. This has primarily affected individuals and organizations using outdated versions of Chrome, underscoring the importance of timely software updates. 

Google has responded swiftly to these threats by releasing a security patch and advising users to update their browsers immediately. The company has also collaborated with other security researchers to monitor and mitigate the impact of this vulnerability, providing additional resources and guidance to help users stay protected. 

Given the active exploitation of CVE-2024-5274, it is crucial for all Chrome users to take prompt action. Ensuring that your browser is up-to-date with the latest security patches can significantly reduce the risk of falling victim to these attacks. 

 

How to fix CVE-2024-5274

  1. Update chrome: 
    • Step 1: Open Google Chrome. 
    • Step 2: Click on the three vertical dots in the upper right corner of the browser window. 
    • Step 3: Navigate to “Help” and select “About Google Chrome.” 
    • Step 4: Chrome will automatically check for updates and begin downloading the latest version if it’s not already installed. 
    • Step 5: Once the update is downloaded, click “Relaunch” to complete the installation. 
  2. Verify the update: 
    • After restarting, go back to “About Google Chrome” to confirm that you are running the latest version. The page should indicate that Chrome is up to date. 
  3. Enable automatic updates: 
    • Ensure that automatic updates are enabled to receive future security patches promptly. Chrome typically updates itself automatically, but verifying this setting can provide additional peace of mind. 
  4. Additional security measures: 
    • Enable safe browsing: Chrome’s Safe Browsing feature helps protect against phishing and malware attacks. To enable it, go to Settings > Privacy and security > Security, and select “Enhanced protection.” 
    • Regularly restart Chrome: This ensures that updates are applied as soon as they become available. 
    • Use security extensions: Consider adding trusted security extensions to your browser, such as ad blockers or anti-malware tools, for an extra layer of protection. 

 

Next steps

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. 2023 Vulnerability watch reports 
  2. The MITRE ATT&CK framework: Getting started
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

“The only free RBVM tool out there The only free RBVM tool lorem ipsum out there. The only”.

Name Namerson
Head of Cyber Security Strategy

strip-img-2.png