
Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild.
Assigned the CVE identifier CVE-2024-4947, the vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on May 13, 2024.
Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type. This can have serious impacts because it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

The development marks the third zero-day that Google has patched within a week, after CVE-2024-4671 and CVE-2024-4761.
As is typically the case, no additional details about the attacks are available; they have been withheld to prevent further exploitation. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the company said.
With CVE-2024-4947, a total of seven zero-days have been resolved by Google in Chrome since the start of the year –
Users are recommended to upgrade to Chrome version 125.0.6422.60/.61 for Windows and macOS, and version 125.0.6422.60 for Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
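
The following is an added example, not code from the article or from Google: a fleet check that compares reported Chrome versions against the fixed build named above. Host names and version strings in the sample inventory are constructed and the function names are hypothetical; Chromium-based browsers other than Chrome are routed to a vendor check because they ship the fix under their own version numbers.

```python
import re

# Fixed builds named in the article: 125.0.6422.60/.61 (Windows, macOS) and
# 125.0.6422.60 (Linux), so .60 is the lowest patched build on every platform.
FIXED_BUILD = (125, 0, 6422, 60)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the four-part version found in `text` as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(browser, version_text):
    """Return 'patched', 'vulnerable', 'unknown' or 'check-vendor' for one row."""
    if browser.strip().lower() != "google chrome":
        # Edge, Brave, Opera and Vivaldi use their own version numbering,
        # so the Chrome threshold cannot be applied to them.
        return "check-vendor"
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    # Tuple comparison is numeric per component: 125.0.6422.9 < 125.0.6422.60,
    # which a plain string comparison would get wrong.
    return "patched" if version >= FIXED_BUILD else "vulnerable"


def audit(rows):
    """Map host -> status for (host, browser, version_text) rows."""
    return {host: classify(browser, ver) for host, browser, ver in rows}


# Constructed sample inventory (hypothetical hosts and made-up older builds),
# shaped like the output of running the browser with --version.
SAMPLE_INVENTORY = [
    ("win-01", "Google Chrome", "Google Chrome 125.0.6422.61"),
    ("mac-02", "Google Chrome", "Google Chrome 124.0.6000.100"),
    ("lin-03", "Google Chrome", "Google Chrome 125.0.6422.60 "),
    ("lin-04", "Google Chrome", "Google Chrome 125.0.6422.9"),
    ("win-05", "Microsoft Edge", "Microsoft Edge 124.0.1000.1"),
    ("win-06", "Google Chrome", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```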