Google has rolled out fixes to address nine security issues in its Chrome browser, including a new zero-day vulnerability that has been widely exploited.
Assigned the CVE identifier CVE-2024-4947, the vulnerability is a type confusion bug in the V8 JavaScript and WebAssembly engine. Kaspersky researchers Vasily Berdnikov and Boris Larin reported it on May 13, 2024.
Type confusion vulnerabilities occur when a program attempts to access a resource using an incompatible type. They can have serious impact, as they allow threat actors to perform out-of-bounds memory access, cause crashes, and execute arbitrary code.
This development marks the third zero-day vulnerability Google has patched in a week, following CVE-2024-4671 and CVE-2024-4761.
As usual, further details about the attacks have been withheld to prevent further exploitation. “Google is aware of the vulnerability CVE-2024-4947,” the company said.
With CVE-2024-4947, Google has addressed a total of seven zero-day vulnerabilities in Chrome since the beginning of this year.
Users are advised to upgrade to Chrome version 125.0.6422.60/.61 on Windows and macOS and to Chrome version 125.0.6422.60 on Linux to mitigate potential threats.
Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply these fixes when they become available.
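To check an inventory of Google Chrome installs against the fixed build named above, a script along these lines can help. It is an added example, not code from Google or the original article; the host names and version strings are constructed, and it covers Google Chrome only, since other Chromium-based browsers use their own version numbering.

```python
import re

# Fixed builds named in the article; .60 is the lowest on every platform.
FIXED_BUILD = (125, 0, 6422, 60)

# A four-part dotted version that is not a fragment of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the version in `text` as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def needs_update(text):
    """True if the build predates the fix, False if not, None if unparseable."""
    version = parse_chrome_version(text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so build 9 sorts below
    # build 60; comparing the raw strings would get that wrong.
    return version < FIXED_BUILD


def triage(inventory):
    """Split {host: version string} into outdated, patched and unknown hosts."""
    report = {"outdated": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        status = needs_update(text)
        key = "unknown" if status is None else ("outdated" if status else "patched")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical host names and version strings).
SAMPLE = {
    "win-01": "Google Chrome 125.0.6422.61",
    "mac-02": "Google Chrome 124.0.6367.207",
    "lin-03": "Google Chrome 125.0.6422.9",
    "lin-04": "Google Chrome 125.0.6422.60",
    "kiosk-05": "version unavailable",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as unknown should be checked by hand rather than assumed patched.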