Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled out an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
Another Google Chrome zero-day vulnerability is being exploited in the wild, the tech giant has disclosed — the third such bug revealed in just a week.
Google has pushed an emergency fix for the high-severity flaw (CVE-2024-4947) with version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux. According to the bug advisory, it's a type-confusion weakness in the open source Chrome V8 JavaScript engine. While Google didn't detail the types of attacks that are underway using the exploit, these types of bugs can lead to browser crashes and, in some cases, code execution.
"Google is aware that an exploit for CVE-2024-4947 exists in the wild," according to the advisory, released May 15.
The bug also affects Chromium-based browsers such as Microsoft Edge; Microsoft said that it's working on a fix.
This is the third zero-day that Google has patched in the last week, following the disclosure of CVE-2024-4761 (an out-of-bounds write vulnerability in V8 that has exploit code publicly available) and CVE-2024-4671 (a use-after-free flaw in the Visuals component that's under active exploit); both allow sandbox escape.