Patch Now: Another Google Zero-Day Under Exploit in the Wild

Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.

Dark Reading Staff, Dark Reading

May 16, 2024

1 Min Read
A brown leather patch sewn on fabric
Source: Arletta Cwalina via Alamy Stock Photo

Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed — the third such bug revealed in just a week.

Google has pushed an emergency fix for the high-severity flaw (CVE-2024-4947) with version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. According to the bug advisory, it's a type-confusion weakness in the open source Chrome V8 JavaScript engine. While Google didn't detail the types of attacks that are underway using the exploit, these types of bugs can lead to browser crashes and, in some cases, code execution.

"Google is aware that an exploit for CVE-2024-4947 exists in the wild," according to the advisory, released May 15.

The bug also affects Chromium-based browsers such as Microsoft Edge; Microsoft said that it's working on a fix.

This is the third zero-day that Google has patched in the last week, following the disclosure of CVE-2024-4761 (an out-of-bounds write vulnerability in V8 that has exploit code publicly available) and CVE-2024-4671 (a use-after-free flaw in the Visuals component that's under active exploit); both allow sandbox escape.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights