Google Chrome Zero-day Vulnerability (CVE-2024-4947) Actively Exploited in The Wild
Google has released an emergency security update for its Chrome web browser to patch a high-severity vulnerability that is being actively exploited by attackers in the wild.
The zero-day flaw, tracked as CVE-2024-4947, is a type confusion bug in the V8 JavaScript engine that can also enable remote code execution attacks.
A type confusion bug in the V8 JavaScript engine is a vulnerability where the engine incorrectly interprets the type of an object, leading to logical errors and potentially allowing attackers to execute arbitrary code.
This kind of vulnerability is particularly dangerous because it can be exploited to trigger heap corruption by crafting a specific HTML page that triggers the bug, thereby compromising the security of the browser and the underlying system.
Chrome 125.0.6422.60 for Linux and 125.0.6422.60/.61 for Windows and Mac include a number of fixes and improvements to the browser. The official release log provides a complete list of changes.
Security researchers Vasily Berdnikov and Boris Larin from Kaspersky discovered the vulnerability on May 13th and reported it to Google.
“Google is aware of an exploit for CVE-2024-4947 present in the wild and urges users to update their browsers as quickly as possible.”
This marks the seventh zero-day exploit and the second zero-day within the week that targeted Chrome users this year, highlighting the persistent threat posed by sophisticated cyber-attacks.
Other Security Fixes
In addition to the zero-day patch, the Chrome 125 update includes 8 other security fixes:
- CVE-2024-4948 (High) – Use after free in Dawn, reported by wgslfuzz
- CVE-2024-4949 (Medium) – Use after free in V8, reported by Ganjiang Zhou
- CVE-2024-4950 (Low) – Inappropriate implementation in Downloads, reported by Shaheen Fazim
- Various other fixes from internal audits and fuzzing
Google has restricted access to bug details until most users have updated Chrome. The company thanked all external researchers as well as its internal security teams for their contributions to this release.
Update Advised
While Chrome will automatically update for most users, Google urges all Chrome users on Windows, Mac and Linux to make sure that they are running version 125.0.6422.60 or later by manually checking for updates.
The new version contains critical security patches to protect against potential attacks exploiting the zero-day vulnerability.
The Chrome team expressed gratitude to all security researchers who collaborated with them during the development cycle, helping to prevent security bugs from reaching the stable channel.
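The version check advised above can be automated across a set of machines. The following is an added example, not part of the original article or any Google tooling; it assumes version strings in the form printed by `google-chrome --version`, and the hostnames and inventory are constructed sample data.

```python
import re

# Fixed build named in the article: 125.0.6422.60 (Linux, and the lower of the
# two Windows/Mac builds). Anything below it lacks the CVE-2024-4947 patch.
FIXED_BUILD = (125, 0, 6422, 60)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_chrome_version(text):
    """Extract the four-part version from e.g. 'Google Chrome 125.0.6422.60'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(text, fixed=FIXED_BUILD):
    # Compare as integer tuples: a plain string comparison would wrongly
    # rank '125.0.6422.9' above '125.0.6422.60'.
    return parse_chrome_version(text) >= fixed


def audit(inventory):
    """Return the sorted hosts that still need the update."""
    stale = []
    for host, reported in inventory.items():
        try:
            ok = is_patched(reported)
        except ValueError:
            ok = False  # version could not be read: treat as unpatched
        if not ok:
            stale.append(host)
    return sorted(stale)


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "build-01": "Google Chrome 125.0.6422.60",
    "desk-17": "Google Chrome 124.0.6367.10",
    "desk-22": "Google Chrome 125.0.6422.9",
    "kiosk-03": "Google Chrome 125.0.6422.61",
    "lab-09": "unknown",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update required ({SAMPLE_INVENTORY[host]})")
```

Hosts whose version cannot be parsed are reported as needing the update, so a broken inventory entry is not silently counted as patched.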
Source credit : cybersecuritynews.com