CVE-2024-4947: Google Chrome Zero-Day Under Attack, Urgent Patch Released

Google has urgently released patches for a newly discovered zero-day flaw in Chrome, following reports of active exploitation by unknown attackers. The vulnerability, catalogued as CVE-2024-4947, affects the V8 JavaScript engine integral to Google’s web browser. This critical type confusion issue was identified by Vasily Berdnikov and Boris Larin of Kaspersky.

CVE-2024-4947

This high-severity vulnerability allows attackers to execute arbitrary code on the victim’s machine when the victim simply visits a malicious web page. Google has confirmed that the vulnerability is currently being exploited in the wild, making it essential for users to update their browsers immediately. The specific details of the attacks have been kept under wraps to prevent further exploitation by other cybercriminals.

Alongside CVE-2024-4947, Google has patched several other security flaws, which include:

  • CVE-2024-4948: A use-after-free issue in Dawn, which could potentially allow attackers to perform arbitrary code execution.
  • CVE-2024-4949: Another use-after-free vulnerability, this time in the V8 engine, reported by Ganjiang Zhou of the ChaMd5-H1 team.
  • CVE-2024-4950: This flaw relates to an inappropriate implementation in Chrome’s Downloads feature, which might be exploited to perform unintended actions on a user’s system.

Google has rolled out Chrome version 125.0.6422.60 for Linux and 125.0.6422.60/.61 for Windows and Mac to address these issues. Users are strongly advised to update their browsers to this latest version to protect against potential threats.
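
To confirm that a fleet has actually picked up the fixed builds named above, the following added example (not part of the original article and not Google tooling) checks reported Chrome versions against 125.0.6422.60. The `host,platform,version` inventory layout, the host names and the non-fixed version strings are assumptions constructed for illustration.

```python
import re

# Fixed builds as stated in the article. Windows and Mac shipped .60/.61,
# so .60 is the lowest patched build on every platform.
FIXED = {"linux": (125, 0, 6422, 60),
         "windows": (125, 0, 6422, 60),
         "mac": (125, 0, 6422, 60)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract the four-part version from strings such as
    'Google Chrome 124.0.6367.207'. Returns a tuple of ints or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one host."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never assume an unreadable host is safe
    # Tuple comparison is numeric per component, so 125.0.6422.9 sorts
    # below 125.0.6422.60; a plain string comparison gets this wrong.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_lines):
    """Group hosts by status. Each line: 'host,platform,version string'
    (hypothetical inventory layout)."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) != 3:
            continue  # skip malformed rows
        host, platform, version_text = parts
        report[classify(platform, version_text)].append(host)
    return report

# Constructed sample inventory for illustration only.
SAMPLE = [
    "ws-001,windows,Google Chrome 125.0.6422.61",
    "ws-002,windows,Google Chrome 124.0.6367.207",
    "lx-010,linux,Google Chrome 125.0.6422.60",
    "mac-07,mac,Google Chrome 125.0.6422.9",
    "lx-011,linux,not installed",
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need manual follow-up, since a missing or unparseable version string says nothing about whether the browser is patched.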