Google Patches Active Chrome Zero-Day Exploit
Google has resolved nine security flaws in its Chrome browser, including a critical zero-day vulnerability that has been actively exploited.
This specific vulnerability, tracked as CVE-2024-4947, arises from a type confusion error within V8, Chrome's JavaScript and WebAssembly engine. Researchers Vasily Berdnikov and Boris Larin from Kaspersky brought this issue to light on May 13, 2024.
Type confusion vulnerabilities occur when a piece of software attempts to handle data that is not compatible with the expected type. This can have severe consequences, as it provides malicious actors with the ability to execute arbitrary code, access memory outside of intended bounds, and potentially cause the application to crash. Such vulnerabilities are particularly dangerous because they can be exploited to take complete control of an affected system.
Following CVE-2024-4671 and CVE-2024-4761, this development marks the third zero-day vulnerability that Google has patched in less than a week.
As is customary, further details about the attacks have not been disclosed and are kept confidential to prevent further exploitation. Google has confirmed, ‘An exploit for CVE-2024-4947 exists in the wild.’
Since the beginning of the year, Google has addressed seven zero-day vulnerabilities in Chrome, including CVE-2024-4947.
To minimize potential risks, users are advised to update to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux.
Additionally, users of Chromium-based browsers such as Vivaldi, Microsoft Edge, Brave, and Opera are advised to apply these updates as soon as they become available.
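For administrators checking a fleet against the fixed build, the following is an added example, not code from Google or the original article. It classifies browser version strings, such as the output of `google-chrome --version`, against 125.0.6422.60; the host names and inventory lines are constructed for illustration.

```python
import re

# Fixed Chrome build named in the article (Windows, macOS and Linux).
PATCHED = (125, 0, 6422, 60)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None

def classify(version_output):
    """Classify one line of `--version` style output from a browser."""
    version = parse_version(version_output)
    if version is None:
        return "unknown"
    if not version_output.strip().startswith("Google Chrome"):
        # Other Chromium-based browsers use their own build numbers,
        # so the Chrome threshold does not apply to them.
        return "check-vendor"
    # Compare numerically, field by field. A plain string comparison
    # would rank "99.0.4844.84" above "125.0.6422.60".
    return "patched" if version >= PATCHED else "outdated"

def audit(inventory):
    """Group hosts by status. inventory is an iterable of (host, output)."""
    report = {}
    for host, output in inventory:
        report.setdefault(classify(output), []).append(host)
    return report

# Constructed sample inventory; host names and versions are illustrative.
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 124.0.6367.207"),
    ("ws-02", "Google Chrome 125.0.6422.60 "),
    ("ws-03", "Google Chrome 125.0.6422.61"),
    ("ws-04", "Google Chrome 99.0.4844.84"),
    ("ws-05", "Microsoft Edge 125.0.2535.51"),
    ("ws-06", "command not found"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `check-vendor` need to be compared against that browser vendor's own advisory rather than the Chrome build number.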