Tracked as CVE-2024-5274, this is a “type confusion in V8” vulnerability with a High security rating. V8 is the JavaScript engine that drives Chrome’s handling of JavaScript code, while a type confusion error is when a program accesses a resource in a way that is incompatible with how it’s supposed to be accessed, leading to out-of-bounds memory access.
While it may sound like a minor thing, these types of flaws can lead to annoyances such as a browser crash and/or data corruption, or be more serious and enable a remote attacker to execute arbitrary code to steal your data, spy on sensitive information, or install malware.
This is the fourth zero-day flaw in Chrome in May alone, and the eighth to be discovered so far this year. Others include CVE-2024-0519 (out-of-bounds memory access in V8), CVE-2024-2886 (use-after-free in WebCodecs), CVE-2024-2887 (type confusion in WebAssembly), CVE-2024-3159 (out-of-bounds memory access in V8), CVE-2024-4671 (use-after-free in Visuals), CVE-2024-4761 (out-of-bounds write in V8), and CVE-2024-4947 (type confusion in V8).
Three of those—2886, 2887, and 3159—were discovered during this year’s Pwn2Own security event. While you can wait around for Chrome to automatically patch itself, your best bet is to initiate a manual update. You can do this by clicking on the three vertical dots in the upper-right corner and navigating to Help > About Chrome.
This will prompt Chrome to search for, fetch, and install the latest build, which at the time of this writing is version 125.0.6422.113 on Windows. Let it install, then click the relaunch button, which will update Chrome and reload all of your open tabs. Just be sure to save any in-browser work first.