Google Urges Immediate Chrome Update After Active Zero-Day Exploit in V8 Engine

Google has released an emergency security update for Chrome to address a high-severity zero-day vulnerability that is being actively exploited in the wild. Tracked as CVE-2024-9430, the flaw affects Chrome’s V8 JavaScript engine and could allow remote attackers to bypass sandbox protections through specially crafted HTML pages.

According to Google, the issue is serious enough to warrant immediate action from users and administrators. The company has begun rolling out a fixed version of Chrome, 129.0.6668.100 or later, and is urging everyone to update as soon as possible to reduce the risk of compromise.

Zero-day vulnerabilities are especially dangerous because they are exploited before a full patch is widely available. In this case, attackers may be able to use malicious web content to trigger the flaw and escape Chrome’s security boundaries, potentially exposing systems to further malicious activity.

Users can check for updates manually through Chrome’s settings menu, where the browser typically installs the latest version automatically. Security experts recommend restarting the browser after updating to ensure the patch is fully applied. Organizations managing large fleets of devices should prioritize deployment of the fix across all endpoints without delay.