Google Fixes Third Chrome Zero-day Vulnerability In A Week

Google on Monday released an emergency security update for its Chrome browser to fix a new zero-day that has been exploited in the wild.

This is the third exploited Chrome zero-day flaw that has been patched within a week and the seventh zero-day exploit targeting Chrome users this year.

The vulnerability, which was assigned the CVE identifier โ€˜CVE-2024-4947,โ€™ affected the Type Confusion in V8 JavaScript and the WebAssembly engine in Google Chrome, an important component responsible for running web apps and websites.

This high-severity zero-day vulnerability can be particularly dangerous.

It allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, possibly compromising sensitive data and taking control of targeted devices.

The flaw was identified by Kaspersky researchers, Vasily Berdnikov and Boris Larin and reported to Google on May 13, 2024.

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the search giant wrote in aย security advisory published on Wednesday.

The company swiftly addressed the zero-day flaw with the release of Chrome 125.0.6422.60 (Linux) and 125.0.6422.60/.61( Windows, Mac), which brings several fixes and improvements to the browsers.

The new versions are expected to roll out to all users as part of a stable channel update over the coming days and weeks.

Although Google has confirmed the CVE-2024-4947 flaw was exploited in the wild, the company has not provided any further information about these attacks to avoid further exploitation by other cyber criminals.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” Google said.

Although Chrome automatically updates when security patches are available, users are recommended to manually upgrade to Chrome version 125.0.6422.60 for Linux and version 125.0.6422.60/.61 for Windows and macOS to protect themselves against potential cyberattacks.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!
spot_img

Read More

Suggested Post