Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

16-05-2024
Share
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.

Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. It can have serious impacts as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

With CVE-2024-4947, a total of seven zero-days have been resolved by Google in Chrome since the start of the year –

Users are recommended to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

 

Source: https://thehackernews.com/