Google Rolls Out Fixes for Chrome’s Zero-Day Exploit
Google has swiftly responded to a series of security vulnerabilities in its Chrome browser, releasing fixes for nine issues, including a newly discovered zero-day exploit.
The zero-day, designated CVE-2024-4947, stems from a type confusion bug in the V8 JavaScript and WebAssembly engine, reported by Kaspersky researchers on May 13, 2024. Type confusion vulnerabilities can lead to out-of-bounds memory access and arbitrary code execution, posing significant risks. This marks the third zero-day patched by Google within a week, following CVE-2024-4671 and CVE-2024-4761.
Google has not disclosed specific details about the attacks leveraging CVE-2024-4947, in order to prevent further exploitation. It does acknowledge the existence of an exploit in the wild, underscoring the urgency of applying the patch.
In total, seven zero-days have been addressed by Google in Chrome since the beginning of the year, highlighting the ongoing battle against emerging threats. These include vulnerabilities like out-of-bounds memory access, use-after-free issues, and type confusion in various components of the browser.
To mitigate potential risks, users are strongly advised to update to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux. Additionally, users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi should apply fixes as soon as they become available.
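For administrators checking a fleet against the fixed builds named above, the following is an added example, not code from Google or from the original article. The inventory format (host, platform, product, version string), the host names and the sample versions are constructed assumptions; only the 125.0.6422.60 threshold comes from the article.

```python
import re

# Lowest fixed Chrome build per platform, as stated in the article.
FIXED = {
    "windows": (125, 0, 6422, 60),
    "macos": (125, 0, 6422, 60),
    "linux": (125, 0, 6422, 60),
}

# Four-part version as printed by e.g. `google-chrome --version`.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, product, version_text):
    # Other Chromium-based browsers use their own version numbers; the
    # article gives no fixed build for them, so they are not compared here.
    if product.strip().lower() != "google chrome":
        return "check-vendor"
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"
    # Tuple comparison is numeric per component: build .9 is older than
    # .60, which a plain string comparison would get wrong.
    return "patched" if version >= fixed else "needs-update"


def audit(inventory_csv):
    """Map each host in the (assumed) CSV inventory to its status."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, platform, product, version_text = (
            field.strip() for field in line.split(",", 3))
        results[host] = classify(platform, product, version_text)
    return results


# Constructed sample inventory: host,platform,product,version output
SAMPLE = """
ws-01,windows,Google Chrome,Google Chrome 125.0.6422.61
ws-02,windows,Google Chrome,Google Chrome 124.0.6000.10
mac-01,macos,Google Chrome,Google Chrome 125.0.6422.60
lnx-01,linux,Google Chrome,Google Chrome 125.0.6422.9
lnx-02,linux,Google Chrome,version unavailable
ws-03,windows,Microsoft Edge,Microsoft Edge 124.0.1000.5
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```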
Google’s swift response underscores the importance of proactive security measures in safeguarding against evolving cyber threats. By promptly addressing vulnerabilities and providing updates, browser developers play a crucial role in enhancing the security posture of users worldwide.