Cyber security news for all

More

    Google Resolves Another Actively Exploited Chrome Zero-Day Vulnerability

    Google has implemented remedies to address a collection of nine security concerns in its Chrome browser, including a fresh zero-day vulnerability that has been actively exploited.

    Given the CVE code CVE-2024-4947, this vulnerability pertains to a type confusion glitch within the V8 JavaScript and WebAssembly engine. It was brought to light by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.

    Type confusion vulnerabilities emerge when a program endeavors to access a resource with an incompatible type. This can result in significant repercussions as it permits malicious actors to engage in out-of-bounds memory access, leading to system crashes and the execution of arbitrary code.

    This occurrence marks the third zero-day vulnerability that Google has addressed within a seven-day period, following CVE-2024-4671 and CVE-2024-4761.

    As is customary, supplementary information regarding the attacks remains undisclosed to impede further exploitation. “Google is cognizant of an exploit for CVE-2024-4947 being active in the wild,” stated the company.

    With CVE-2024-4947 included, Google has now resolved a total of seven zero-day vulnerabilities in Chrome since the year commenced:

    • CVE-2024-0519 – Out-of-bounds memory access in V8
    • CVE-2024-2886 – Use-after-free in WebCodecs (exhibited at Pwn2Own 2024)
    • CVE-2024-2887 – Type confusion in WebAssembly (exhibited at Pwn2Own 2024)
    • CVE-2024-3159 – Out-of-bounds memory access in V8 (exhibited at Pwn2Own 2024)
    • CVE-2024-4671 – Use-after-free in Visuals
    • CVE-2024-4761 – Out-of-bounds write in V8

    Users are encouraged to update to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to mitigate potential threats.

    Furthermore, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are urged to implement the remedies as soon as they are made available.

    Recent Articles

    Related Stories