Google has rolled out fixes to deal with a set of 9 security points in its Chrome browser, together with a brand new zero-day that has been exploited within the wild.
Assigned the CVE identifier CVE-2024-4947, the vulnerability pertains to a sort confusion bug within the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on Could 13, 2024.
Sort confusion vulnerabilities come up when a program makes an attempt to entry a useful resource with an incompatible sort. It might probably have severe impacts because it permits menace actors to carry out out-of-bounds reminiscence entry, trigger a crash, and execute arbitrary code.
The event marks the third zero-day that Google has patched inside per week after CVE-2024-4671 and CVE-2024-4761.
As is usually the case, no further particulars in regards to the assaults can be found and have been withheld to stop additional exploitation. “Google is conscious that an exploit for CVE-2024-4947 exists within the wild,” the corporate mentioned.
With CVE-2024-4947, a complete of seven zero-days have been resolved by Google in Chrome because the begin of the 12 months –
Customers are really helpful to improve to Chrome model 125.0.6422.60/.61 for Home windows and macOS, and model 125.0.6422.60 for Linux to mitigate potential threats.
Customers of Chromium-based browsers similar to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they develop into out there.
