Google Chrome users warned to 'update' browser immediately over 'high threat'

Millions of Google Chrome users have been warned they must update an app now after a "high" level bug was discovered. Researchers at Google have found a serious security threat, CVE identifier CVE-2024-5274, which is a type of confusion bug in the V8 JavaScript and WebAssembly engine.

The issue was flagged by the Google Threat Analysis team and Chrome Security on May 20. The security breach has been causing an "out-of-bounds memory access" issue in Chrome’s V8 JavaScript engine and was already being actively exploited before Google patched it.

Experts have now urged Google Chrome users to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux to mitigate potential threats. The vulnerabilities are caused by a Type Confusion bug in the V8 JavaScript engine and also affect other Chromium-based browsers, including Microsoft Edge.

READ MORE Brits in Spain and Portugal told to prepare for 'dramatic' shift starting today

Successful exploitation of the vulnerabilities could allow an attacker to perform remote code execution via a crafted malicious HTML page. Google confirmed: " The Stable channel has been updated to 125.0.6422.112/.113 for Windows, Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

"Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

"Google is aware that an exploit for CVE-2024-5274 exists in the wild." It went on to add, as it urged Chrome users to update their browsers immediately over the threat this week: "We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."