Google Patches Another Zero-Day Vulnerability in Chrome That Has Been Regularly Exploited


Google has patched a total of nine security vulnerabilities in its Chrome browser, including a newly discovered zero-day flaw that has been exploited in the wild.

 

The vulnerability, tracked as CVE-2024-4947, is a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported on May 13, 2024, by Kaspersky researchers Vasily Berdnikov and Boris Larin.

Type confusion vulnerabilities arise when a program attempts to access a resource using a type that is incompatible with the resource's actual type. Threat actors can use them to perform out-of-bounds memory access, cause a crash, and execute arbitrary code, all of which can have severe consequences.

This represents the third zero-day vulnerability that Google has patched in the past week, following CVE-2024-4761 and CVE-2024-4671.

As is customary, further details about the attacks have been withheld to prevent additional exploitation. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the company said.

With the addition of CVE-2024-4947, Google has patched seven zero-day vulnerabilities in Chrome since the beginning of the year. The other six are:

CVE-2024-0519 Out-of-bounds memory access in V8
CVE-2024-2886 Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
CVE-2024-2887 Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
CVE-2024-3159 Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
CVE-2024-4671 Use-after-free in Visuals
CVE-2024-4761 Out-of-bounds write in V8

 

Users are advised to update to Chrome version 125.0.6422.60/.61 on Windows and macOS, and version 125.0.6422.60 on Linux, to address potential security risks.

Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to update to the latest available versions.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.
