Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

By neub9

May 16, 2024 | Newsroom

Browser Security / Vulnerability

Google has released fixes for a set of security issues in its Chrome browser, including a new zero-day vulnerability that has been actively exploited.

Identified as CVE-2024-4947, the vulnerability is related to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was discovered by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.

Type confusion vulnerabilities occur when a program tries to access a resource with an incompatible type, potentially leading to out-of-bounds memory access, crashes, and arbitrary code execution.
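A minimal illustration of the bug class described above, as an added example that is not from the original article and does not reproduce CVE-2024-4947 or V8's object layout. The `struct value` model and all function names are assumptions made for this sketch; it shows how a missing type-tag check lets a number's bits pass as an array length, next to an accessor that validates the tag first.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy object model for illustration; not V8's real layout. */
#define CAP 4u
enum kind { KIND_NUMBER, KIND_ARRAY };
struct value {
    enum kind kind;                       /* runtime type tag */
    union {
        uint32_t number;                  /* KIND_NUMBER payload */
        struct { uint32_t len; uint32_t elems[CAP]; } array;
    } u;                                  /* number overlaps array.len */
};

static struct value make_number(uint32_t n) {
    struct value v = { .kind = KIND_NUMBER };
    v.u.number = n;
    return v;
}

static struct value make_array(const uint32_t *src, uint32_t n) {
    struct value v = { .kind = KIND_ARRAY };
    v.u.array.len = n > CAP ? CAP : n;
    for (uint32_t i = 0; i < v.u.array.len; i++) v.u.array.elems[i] = src[i];
    return v;
}

/* Confused path: never checks the tag, so a number's bits are read as the
   length. Returns 1 if the bogus bounds check admits idx (no read is done). */
static int unchecked_admits(const struct value *v, uint32_t idx) {
    return idx < v->u.array.len;
}

/* Hardened path: 0 on success, -1 on wrong type, -2 on out-of-range index. */
static int checked_get(const struct value *v, uint32_t idx, uint32_t *out) {
    if (v->kind != KIND_ARRAY) return -1;
    if (idx >= v->u.array.len || idx >= CAP) return -2;
    *out = v->u.array.elems[idx];
    return 0;
}

int main(void) {
    uint32_t src[] = { 10, 20, 30 }, out = 0;
    struct value arr = make_array(src, 3), num = make_number(1000);
    int rc = checked_get(&arr, 1, &out);
    printf("array[1]: rc=%d out=%u\n", rc, (unsigned)out);
    printf("number as array: idx 999 admitted=%d, checked rc=%d\n",
           unchecked_admits(&num, 999), checked_get(&num, 999, &out));
    return 0;
}
```

The unchecked path accepts index 999 against four elements of storage because the number 1000 is read as the length; the tag check rejects the value before any length is consulted.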

This is the third zero-day vulnerability patched by Google in a week, following CVE-2024-4671 and CVE-2024-4761.

No additional details about the attacks have been disclosed, in order to prevent further exploitation. Google acknowledges the existence of an exploit for CVE-2024-4947 in the wild.

With the resolution of CVE-2024-4947, Google has fixed a total of seven zero-day vulnerabilities in Chrome since the beginning of the year.

Users are advised to update to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to minimize potential risks.

Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply the fixes as soon as they are available.
