Google has rolled out fixes to deal with a set of 9 safety points in its Chrome browser, together with a brand new zero-day that has been exploited within the wild.
Assigned the CVE identifier CVE-2024-4947, the vulnerability pertains to a sort confusion bug within the V8 JavaScript and WebAssembly engine. It was reported by Kaspersky researchers Vasily Berdnikov and Boris Larin on Might 13, 2024.
Sort confusion vulnerabilities come up when a program makes an attempt to entry a useful resource with an incompatible kind. It might probably have critical impacts because it permits risk actors to carry out out-of-bounds reminiscence entry, trigger a crash, and execute arbitrary code.
The event marks the third zero-day that Google has patched inside every week after CVE-2024-4671 and CVE-2024-4761.
As is often the case, no further particulars concerning the assaults can be found and have been withheld to forestall additional exploitation. “Google is aware that an exploit for CVE-2024-4947 exists in the wild,” the corporate stated.
With CVE-2024-4947, a complete of seven zero-days have been resolved by Google in Chrome because the begin of the 12 months –
Customers are beneficial to improve to Chrome model 125.0.6422.60/.61 for Home windows and macOS, and model 125.0.6422.60 for Linux to mitigate potential threats.
Customers of Chromium-based browsers akin to Microsoft Edge, Courageous, Opera, and Vivaldi are additionally suggested to use the fixes as and once they develop into accessible.
