Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed — the third such bug revealed in just a week.
Google has pushed an emergency fix for the high-severity flaw (CVE-2024-4947) with version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. According to the bug advisory, it's a type-confusion weakness in the open source Chrome V8 JavaScript engine. While Google didn't detail the types of attacks that are underway using the exploit, these types of bugs can lead to browser crashes and, in some cases, code execution.
"Google is aware that an exploit for CVE-2024-4947 exists in the wild," according to the advisory, released May 15.
The bug also affects Chromium-based browsers such as Microsoft Edge; Microsoft said that it's working on a fix.
This is the third zero-day that Google has patched in the last week, following the disclosure of CVE-2024-4761 (an out-of-bounds write vulnerability in V8 that has exploit code publicly available) and CVE-2024-4671 (a use-after-free flaw in the Visuals component that's under active exploit); both allow sandbox escape.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024