Google Patches Another Zero-Day Vulnerability in Chrome That Has Been Regularly Exploited
Google has patched a total of nine security vulnerabilities in its Chrome browser, including a newly discovered zero-day flaw that has been exploited in the wild.
The vulnerability, tracked as CVE-2024-4947, is a type confusion defect in the V8 JavaScript and WebAssembly engine. It was disclosed on May 13, 2024, by Kaspersky researchers Vasily Berdnikov and Boris Larin.
Type confusion vulnerabilities arise when a program attempts to access a resource using a type that is incompatible with the resource's actual type. By exploiting them, threat actors can perform out-of-bounds memory access, cause a crash, and execute arbitrary code, all of which can have severe consequences.
This represents the third zero-day vulnerability that Google has patched in the past week, following CVE-2024-4761 and CVE-2024-4671.
As is customary, further information about the attacks has been withheld to prevent additional exploitation. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” according to the company.
With the addition of CVE-2024-4947, Google has patched seven zero-day vulnerabilities in Chrome since the beginning of the year. The other six are:

| CVE | Description |
| --- | --- |
| CVE-2024-0519 | Out-of-bounds memory access in V8 |
| CVE-2024-2886 | Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024) |
| CVE-2024-2887 | Type confusion in WebAssembly (demonstrated at Pwn2Own 2024) |
| CVE-2024-3159 | Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024) |
| CVE-2024-4671 | Use-after-free in Visuals |
| CVE-2024-4761 | Out-of-bounds write in V8 |

Users are advised to update to Chrome version 125.0.6422.60/.61 on Windows and macOS, and version 125.0.6422.60 on Linux, to protect against potential exploitation.
Users of Chromium-based browsers, including Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to update to the latest available versions.
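For administrators who need to confirm the update across many machines, the following added example (not from the original article) checks a browser inventory against the fixed Chrome build named above. The `host,browser,version` line format and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed builds stated in the article: 125.0.6422.60/.61 (Windows, macOS) and
# 125.0.6422.60 (Linux), so .60 is the minimum patched build on every platform.
PATCHED_CHROME = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted quad."""
    text = text.strip()
    return tuple(int(p) for p in text.split(".")) if VERSION_RE.match(text) else None

def classify(browser, version):
    """Classify one inventory record against the patched Chrome build."""
    if browser.strip().lower() not in ("chrome", "google chrome"):
        # The article gives no fixed versions for other Chromium-based browsers.
        return "check-vendor"
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    # Numeric tuple compare: 125.0.6422.9 < 125.0.6422.60 (string compare fails here).
    return "patched" if parsed >= PATCHED_CHROME else "vulnerable"

def audit(inventory_lines):
    """Map host -> status for 'host,browser,version' lines (assumed format)."""
    results = {}
    for line in inventory_lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results[line.strip()] = "malformed"
            continue
        host, browser, version = fields
        results[host] = classify(browser, version)
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "ws-001,Chrome,125.0.6422.61",
    "ws-002,Chrome,124.0.6367.207",
    "ws-003,Chrome,125.0.6422.9",
    "ws-004,Microsoft Edge,124.0.2478.97",
    "ws-005,Chrome,unknown",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Records marked `check-vendor` need to be compared against that vendor's own advisory, because the article names fixed builds for Chrome only.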
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also frequently writes for Craw Security.