Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.
Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. It can have serious impacts as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.
With CVE-2024-4947, a total of seven zero-days have been resolved by Google in Chrome since the start of the year –
Users are recommended to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Source: https://thehackernews.com/
