Google has released several security updates to fix the first zero-day vulnerability in Chrome exploited since the beginning of the year: “Google is aware of the existence of an exploit for CVE-2024-0519“, the company said in a security advisory published this Tuesday.
Zero-day vulnerabilities are security flaws in a computer program that hackers can exploit to attack users before the developer realizes it and fixes it. These types of flaws/bugs, which are a nightmare for software companies, are usually detected shortly after the program’s release, although sometimes they persist for years and years without being discovered.
Google has fixed this zero-day vulnerability for users of the Stable Desktop channel, and patched versions have already been distributed worldwide to Windows users (120.0.6099.224/225), Mac users (120.0.6099.234), and Linux users (120.0.6099.224) just one week after it was reported to Google.
The update is now available for manual download, although users can also choose to let Google Chrome update automatically if this option is enabled in the browser settings (the installation of updates takes place when the browser is closed, so you will need to restart it if you want to apply this security patch).
Although Google is aware of the zero-day exploits CVE-2024-0519 used in the attacks, the company has not yet shared more details about these incidents. “Access to error details and links may be restricted until the majority of users have updated with a solution,” Google said. “We will also maintain restrictions if the flaw exists in a third-party library that other projects depend on in a similar way, but has not yet been fixed.”