Google has released an emergency security update for Chrome to address a zero-day vulnerability that has been actively exploited in attacks [2].
Description
Google has released an emergency security update for Chrome to address a zero-day vulnerability [2], CVE-2024-4947 [1] [2] [3] [4] [5] [6] [7] [8] [9], which has been actively exploited in attacks [2]. This vulnerability, known as “Type Confusion in V8,” allows for remote code execution attacks through type confusion bugs in the V8 JavaScript engine. The update [2] [5], version 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60 for Linux [2] [4], fixes this high-severity vulnerability, which was discovered by Kaspersky researchers. In addition to CVE-2024-4947 [8], Google has also addressed eight other vulnerabilities [8], including CVE-2024-4948 [7] [8], in the latest update. This marks the 7th zero-day exploit targeting Chrome users this year [9], highlighting the ongoing threat of sophisticated cyber-attacks [9]. Security experts warn that these vulnerabilities are serious and should be patched immediately [7], as attackers are actively exploiting them in the wild [7]. The vulnerability has been fixed in Chrome for Windows and Mac [4], along with three additional vulnerabilities [4]. The update has been rolled out for Mac [5], Windows [2] [4] [5] [8], and Linux users [5] [8], with Chrome automatically updating or users can manually check for updates [5].
Conclusion
The release of an emergency security update by Google to address a zero-day vulnerability in Chrome underscores the importance of promptly applying patches to protect against cyber-attacks. Users are advised to update their Chrome browsers immediately to mitigate the risk of exploitation and safeguard their systems from potential security threats.
References
[1] https://www.zdnet.com/article/google-patches-zero-day-exploit-in-chrome-what-you-need-to-know/
[2] https://winbuzzer.com/2024/05/16/google-releases-emergency-chrome-update-for-third-zero-day-in-a-week-xcxwbn/
[3] https://www.darkreading.com/vulnerabilities-threats/patch-now-google-zero-day-exploit
[4] https://www.helpnetsecurity.com/2024/05/16/cve-2024-4947/
[5] https://vulert.com/blog/google-fixes-third-chrome-zero-day-2024/
[6] https://knowtechie.com/google-chrome-third-zero-day/
[7] https://siliconangle.com/2024/05/16/google-issues-emergency-chrome-update-patch-critical-zero-day-vulnerability/
[8] https://digital.nhs.uk/cyber-alerts/2024/cc-4494
[9] https://cybersecuritynews.com/google-chrome-zero-day-vulnerability/
