Chrome Zero-Days: A Bad 2024

The fourth zero-day in the last two weeks and eighth in 2024, mark a bad year for Chrome and Chrome based browsers (like Opera). Not only that but Google is aware that an exploit for CVE-2024-5274 exists in the wild, meaning that those who aren’t patched are likely to be compromised.

While browser exploitation is not the easiest to accomplish without an attacker having access to the internal network or sending a convincing phishing exploit, they are not impossible. Beyond that, they are favorites for hackers to target, as they know that many companies struggle with third-party application patching. Commercial spyware vendors are known to stay on top of these vulnerabilities and to leverage exploits before they are publicly known.

This highlights a need for companies to not only manage Windows, Apple, or Linux OS updates; but to know and catalog what other applications are being used in the company. If third-party apps like browsers are tightly controlled, they can become a gaping hole in the environment. If you find yourself struggling with managing third-party application vulnerabilities, reach out to us to see how GlassPortal can help: demo@glassportal.io.