The Download
Yes, this is another one. Last week we described a zero-day Google Chrome vulnerability that was being actively exploited. Google Chrome has another zero-day vulnerability published, CVE-2024-5274. So, if you haven't updated Google Chrome yet, it's time to do it now for all of your endpoints. This is the eighth actively exploited zero-day in Chrome this year. Google Chrome presents a sizable attack surface that simply by surfing or by phishing can be exploited to compromise the endpoint the browser is running on. As the browser with the largest market share, actively exploited zero-days in Chrome make it a ripe target for phishing campaigns, malvertising, and Web-based watering hole attacks.
What You Can Do
This one is easy. First make sure Google is set to auto-update, but then go ahead and update all Google Chrome instances on the networks you manage.
To Learn More: