A critical security alert has been issued for Google Chrome users due to a newly discovered zero-day vulnerability actively exploited by cyber attackers. This flaw targets Chrome’s JavaScript engine, V8, enabling attackers to hijack systems by directing users to specially designed websites, requiring no downloads or clicks. The vulnerability involves an “out-of-bounds read and write” bug, allowing unauthorized access to protected areas of computer memory, potentially leading to data theft or full system compromise. The threat is rated as high severity, with a CVSS score of 8.8 out of 10. The exploit’s danger lies in its delivery method—simply visiting a malicious website triggers the attack code, bypassing traditional security measures. Users are urged to update their browsers immediately, as Google has released a patch in Chrome version 137.0.7151.68 for Windows and macOS. Browsers based on Chromium, such as Microsoft Edge, Brave, and Opera, may also be affected. This incident underscores the rapid emergence and weaponization of security threats, emphasizing the necessity of timely software updates to ensure protection.
Is Your Chrome Browser at Risk from a Zero-Day Exploit?
