Urgent Security Patches Issued for Google Chrome and FortiWeb
This week brings critical cybersecurity alerts for both everyday internet users and network administrators, as major vulnerabilities have been discovered in Google Chrome and Fortinet’s FortiWeb application firewall. Proactive measures are essential to protect against these threats, one of which is already being actively used by attackers.
Here’s a breakdown of what you need to know and how to secure your systems immediately.
Google Patches Actively Exploited Chrome Zero-Day Vulnerability
Google has released an emergency security update for its Chrome web browser to fix a high-severity zero-day vulnerability. The flaw, tracked as CVE-2024-5274, is a “Type Confusion” weakness in the V8 JavaScript engine, which is the component responsible for processing JavaScript code on websites.
What makes this particular vulnerability so dangerous is that it is being actively exploited in the wild. This means attackers have already developed and are using malicious code to target Chrome users. A successful exploit could allow a remote attacker to execute arbitrary code on a victim’s computer simply by tricking them into visiting a specially crafted malicious website. This could lead to data theft, malware installation, or a complete system takeover.
This marks the eighth zero-day vulnerability that Google has patched in Chrome this year alone, highlighting the persistent efforts of threat actors to find and exploit browser flaws.
How to Protect Yourself:
It is crucial for all Chrome users to update their browser immediately. The update is being rolled out now, and you can ensure your browser is protected by following these simple steps:
- Click the three-dot menu in the top-right corner of Chrome.
- Go to Help > About Google Chrome.
- The browser will automatically check for the latest update and begin downloading it.
- Once the download is complete, you must relaunch your browser to apply the patch.
The patched versions are 125.0.6422.112/.113 for Windows and macOS and 125.0.6422.112 for Linux.
Fortinet Addresses Critical SQL Injection Flaw in FortiWeb
For network and security administrators, Fortinet has issued a patch for a critical vulnerability in its FortiWeb web application firewall (WAF). The vulnerability, identified as CVE-2024-21770, is a severe SQL injection flaw in the product’s management interface.
This flaw has been assigned a CVSS score of 9.2 out of 10, rating it as “Critical.” It could allow an unauthenticated, remote attacker to gain full control over the affected device by sending crafted requests to the management interface. SQL injection attacks manipulate a website’s backend database, potentially allowing attackers to bypass authentication, steal sensitive information, or execute commands on the system.
Given FortiWeb’s role in protecting web applications from such attacks, a vulnerability in the firewall itself presents a significant risk to an organization’s security posture.
Affected Versions and How to Mitigate:
The vulnerability impacts the following versions of FortiWeb:
- FortiWeb version 7.4.0 through 7.4.2
- FortiWeb version 7.2.0 through 7.2.3
- FortiWeb version 7.0.0 through 7.0.8
- FortiWeb version 6.3 through 6.3.22
Immediate action is required. Administrators should update to a patched version as soon as possible:
- FortiWeb version 7.4.3 or above
- FortiWeb version 7.2.4 or above
- FortiWeb version 7.0.9 or above
If immediate patching is not possible, Fortinet recommends a temporary workaround: disable access to the management interface from untrusted networks. However, this should only be considered a temporary fix, as patching is the only way to fully resolve the vulnerability.
Stay Vigilant, Stay Secure
These two high-impact vulnerabilities serve as a powerful reminder that proactive security is not optional. Whether you are an individual user or managing enterprise infrastructure, regularly updating your software and systems is one of the most effective defenses against cyber threats. Don’t delay—check your Chrome browser and FortiWeb appliances and apply these critical patches today.
Source: https://www.helpnetsecurity.com/2025/07/20/week-in-review-google-fixes-zero-day-vulnerability-in-chrome-critical-sql-injection-flaw-in-fortiweb/
