Update Chrome right now — four zero-day flaws used by hackers have already been patched this month

and image of the Google Chrome logo on a laptop
(Image credit: Shutterstock)

To stay safe from hackers online, one of the most important things you can do is to keep your software up to date by installing the latest patches as soon as they become available. However, if you’re a Chrome user, you’ve likely already been prompted to update your browser several times this month alone.

While Google has now patched eight zero-day vulnerabilities in its browser since the beginning of this year, four of them were discovered and fixed in May alone. As reported by The Hacker News, the search giant has now rolled out another fix to address the latest high-severity security flaw in Chrome.

Tracked as CVE-2024-5274, this new zero-day is a type of confusion bug in the V8 JavaScript and WebAssembly engine, which, in addition to Chrome, is also used in Microsoft Edge, Brave, Opera, Vivaldi and other Chromium-based browsers. This security flaw was discovered by Google’s own Clément Lecigne with the company’s Threat Analysis Group (TAG).

For those unfamiliar, type confusion vulnerabilities occur when a program tries to access a resource with an incompatible type. This can lead to all sorts of problems while allowing an attacker to perform out-of-bounds memory access, cause a program to crash or execute arbitrary code.

While Google hasn’t said too much regarding this particular zero-day, it did acknowledge that it is aware an exploit for the vulnerability exists in the wild. As it often does, though, the company is playing things close to the chest while giving Chrome users plenty of time to upgrade without giving hackers any ideas on how they can use this security flaw in their attacks.

How to stay safe from browser-based attacks

A screenshot of the update icon in Google Chrome

(Image credit: Google)

Like I said before, the easiest and most important thing you can do to stay safe from attacks leveraging zero-day flaws like the one described above is to keep your software updated. Hackers love to prey on users running old versions of popular software, especially when a fix has already been released.

When it comes to how you can tell if an update is available, Google uses a color-coded warning system in Chrome. If you look at your profile picture, a bubble will appear next to it when there’s an update. It will be green for a 2-day-old update, orange for a 4-day-old update and red when an update was released at least a week ago.

For those who don’t want to wait for this bubble to appear, you can also manually check to see if an update for Chrome is available by clicking on the three-dot menu in the upper right-hand corner of your browser. From there, you need to open Settings and then go to About Chrome. If an update is ready to be installed, Chrome will automatically begin downloading it, and it will be applied the next time you restart your browser.

Besides updating your browser, operating system and other software, you should also use the best antivirus software on your PC, the best Mac antivirus software on your Apple computer and one of the best Android antivirus apps on your Android smartphone to stay safe from hackers.

While four zero-day flaws in a single month may sound like a lot, at least Google is taking the time to patch them quickly so that hackers can’t leverage these flaws in their attacks anymore. Last year, though, eight zero-days were discovered and patched in Chrome, so we’re already at the same point, less than halfway through 2024. 

I expect we’ll see even more Chrome zero-days before this year is over, so you’ll want to keep your browser updated regularly to stay protected.

More from Tom's Guide

Contract Length
Showing 2 of 2 deals
Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.