Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild.
Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.
Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. It can have serious impacts as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.
![Cybersecurity](http://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUUskkMH9dUT3LF77_Q_irGuaE4LGjp-Am2Ls_UzGJ5EBnZHfuFiSvKs4OPE5KmfedBHcuZZVHS4Bh48UJx8brpwtg6Vr2Gepbaw-lGMIm9HjUhyphenhyphen2W5DVm5-ymwPS691Ie32TrCqFIv6SxNRA-jOKCKZrOB5dV7BfL0zVAhOO0neNkP9yv-XePBU1hN_0/s728-e365/wing-d.png)
The development marks the third zero-day that Google has patched within a week after CVE-2024-4671 and CVE-2024-4761.
As is typically the case, no additional details about the attacks are available and have been withheld to prevent further exploitation. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the company said.
With CVE-2024-4947, a total of seven zero-days have been resolved by Google in Chrome since the start of the year –
Users are recommended to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.